CVE-2009-2386

{"id": "CVE-2009-2386", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-07-10T15:30:00.217", "references": [{"url": "http://secunia.com/advisories/35764", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/content/winds3d-viewer-advisory", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35595", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1834", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35764", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.coresecurity.com/content/winds3d-viewer-advisory", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/35595", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/1834", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method."}, {"lang": "es", "value": "Vulnerabilidad de m\u00e9todo inseguro en el complemento Awingsoft Awakening Winds3D Viewer v3.5.0.0, v3.0.0.5 y posiblemente otras versiones permite a atacantes remotos forzar la descarga y ejecuci\u00f3n de archivos arbitrarios a trav\u00e9s del m\u00e9todo GetURL."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:awingsoft:awakening_winds3d_viewer_plugin:3.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E9ADF12-4B92-44B6-BD4A-F7766257549E"}, {"criteria": "cpe:2.3:a:awingsoft:awakening_winds3d_viewer_plugin:3.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6825AF8E-3F4E-4724-8B7D-E7FBCF72B53E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}