Vulnerability Description
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Awingsoft | Awakening Winds3D Viewer Plugin | 3.0.0.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/35764Vendor Advisory
- http://www.coresecurity.com/content/winds3d-viewer-advisoryExploit
- http://www.securityfocus.com/bid/35595Exploit
- http://www.vupen.com/english/advisories/2009/1834Vendor Advisory
- http://secunia.com/advisories/35764Vendor Advisory
- http://www.coresecurity.com/content/winds3d-viewer-advisoryExploit
- http://www.securityfocus.com/bid/35595Exploit
- http://www.vupen.com/english/advisories/2009/1834Vendor Advisory
FAQ
What is CVE-2009-2386?
CVE-2009-2386 is a vulnerability with a CVSS score of 9.3 (HIGH). Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files ...
How severe is CVE-2009-2386?
CVE-2009-2386 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2386?
Check the references section above for vendor advisories and patch information. Affected products include: Awingsoft Awakening Winds3D Viewer Plugin.