CVE-2009-2386

Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/35764	Vendor Advisory
http://www.coresecurity.com/content/winds3d-viewer-advisory	Exploit
http://www.securityfocus.com/bid/35595	Exploit
http://www.vupen.com/english/advisories/2009/1834	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:awingsoft:awakening_winds3d_viewer_plugin:3.0.0.5:::::::*
	cpe:2.3:a:awingsoft:awakening_winds3d_viewer_plugin:3.5.0.0:::::::*

History

No history.

Information

Published : 2009-07-10 15:30

Updated : 2024-02-04 17:33

NVD link : CVE-2009-2386

Mitre link : CVE-2009-2386

CVE.ORG link : CVE-2009-2386

JSON object : View

Products Affected

awingsoft

awakening_winds3d_viewer_plugin

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2009-2386", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-07-10T15:30:00.217", "references": [{"url": "http://secunia.com/advisories/35764", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/content/winds3d-viewer-advisory", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35595", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1834", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method."}, {"lang": "es", "value": "Vulnerabilidad de m\u00e9todo inseguro en el complemento Awingsoft Awakening Winds3D Viewer v3.5.0.0, v3.0.0.5 y posiblemente otras versiones permite a atacantes remotos forzar la descarga y ejecuci\u00f3n de archivos arbitrarios a trav\u00e9s del m\u00e9todo GetURL."}], "lastModified": "2009-07-13T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:awingsoft:awakening_winds3d_viewer_plugin:3.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E9ADF12-4B92-44B6-BD4A-F7766257549E"}, {"criteria": "cpe:2.3:a:awingsoft:awakening_winds3d_viewer_plugin:3.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6825AF8E-3F4E-4724-8B7D-E7FBCF72B53E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}