2 matches found
CVE-2009-2386
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method...
Winds3D Viewer GetURL()函数远程代码执行漏洞
BUGTRAQ ID: 35595 CVECAN ID: CVE-2009-2386 Awakening是一个功能强大的实时3D解决方案,Winds3D Viewer是Awakening的浏览器插件。 Winds3D Viewer以不安全的方式实现了GetURL函数: /----------- GetURLstring URL Description: Open browser to visit assigned URL returns: None - -----------/ 调用GetURL最终会执行相当于“ShellExecuteNULL, "open", URL, 0, 0,...