Vulnerability Description
The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).
CVSS Score
9.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| StoneTrip | S3DPlayer StandAlone | 1.6.2.4 |
| StoneTrip | S3DPlayer Web | 1.6.0.0 |
| Microsoft | Windows | All versions |
| Apple | macOS | All versions |
| Linux | Linux Kernel | All versions |
References
- http://secunia.com/advisories/35256
- http://www.coresecurity.com/content/StoneTrip-S3DPlayers
- http://www.securityfocus.com/archive/1/503887/100/0/threaded
- http://www.securityfocus.com/bid/35105
FAQ
What is CVE-2009-1792?
CVE-2009-1792 is a vulnerability with a CVSS score of 9.3 (HIGH). The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary c...
How severe is CVE-2009-1792?
CVE-2009-1792 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1792?
Check the references section above for vendor advisories and patch information. Affected products include: StoneTrip S3DPlayer StandAlone, StoneTrip S3DPlayer Web, Microsoft Windows, Apple macOS, Linux Kernel.