CVE-2009-1792

2009-05-2918:30:00

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.006

Percentile

77.6%

JSON

The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).

Affected configurations

Nvd

Node

stonetrips3dplayer_standaloneMatch1.6.2.4

stonetrips3dplayer_standaloneMatch1.7.0.1

stonetrips3dplayer_webMatch1.6.0.0

AND

microsoftwindows

Node

stonetrips3dplayer_standaloneMatch1.6.2.4

stonetrips3dplayer_webMatch1.6.0.0

AND

applemacos

Node

linuxlinux_kernel

AND

stonetrips3dplayer_standaloneMatch1.6.2.4

VendorProductVersionCPE
stonetrips3dplayer_standalone1.6.2.4cpe:2.3:a:stonetrip:s3dplayer_standalone:1.6.2.4:*:*:*:*:*:*:*
stonetrips3dplayer_standalone1.7.0.1cpe:2.3:a:stonetrip:s3dplayer_standalone:1.7.0.1:*:*:*:*:*:*:*
stonetrips3dplayer_web1.6.0.0cpe:2.3:a:stonetrip:s3dplayer_web:1.6.0.0:*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
stonetrip	s3dplayer_standalone	1.6.2.4	cpe:2.3:a:stonetrip:s3dplayer_standalone:1.6.2.4:::::::*
stonetrip	s3dplayer_standalone	1.7.0.1	cpe:2.3:a:stonetrip:s3dplayer_standalone:1.7.0.1:::::::*
stonetrip	s3dplayer_web	1.6.0.0	cpe:2.3:a:stonetrip:s3dplayer_web:1.6.0.0:::::::*
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::