EUVD-2009-2382

Malware in sbrugna...

CVE-2009-2386

Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method...

AwingSoft Winds3D Player SceneURL Buffer Overflow

No description provided by source. $Id: awingsoftweb3dbof.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

Winds3D Viewer 3 'GetURL()' Arbitrary File Download Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35595/info Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin. Successfully exploiting this issue will...

AwingSoft Winds3D Player 3.5 SceneURL Download and Execute

No description provided by source. $Id: awingsoftwinds3dsceneurl.rb 10389 2010-09-20 04:38:13Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

AwingSoft Winds3D Player SceneURL Code Execution (CVE-2009-4850)

A code execution vulnerability has been reported in AwingSoft's Winds3D player, a browser plug-in for IE, Firefox and Opera. The vulnerability is due to an error in the way the application handles files with specially crafted parameters. An attacker could exploit this vulnerability by enticing a...

CVE-2009-4850

The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file...

Design/Logic Flaw

The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file...

CVE-2009-4850

CVE-2009-4850 affects AwingSoft Winds3D Viewer plugin 3.5.0.9. The vulnerability allows remote code execution by supplying a SceneURL value that points to an executable (.exe). Public references show exploitation tooling in Metasploit (sceneurl module) and historical coverage (Exploit-DB), confir...

CVE-2009-4588

CVE-2009-4588 describes a heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control (WindsPly.ocx) used by AwingSoft Awakening Web3D Player and Winds3D Viewer. The vulnerability allows remote attackers to crash the application or execute arbitrary code by supplying a long SceneUrl va...

Security feature bypass

Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method...

CVE-2009-2386

Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method...

CVE-2009-2386

Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method...

CVE-2009-2386

The CVE-2009-2386 entry concerns Awingsoft Awakening Winds3D Viewer plugin (Winds3D Viewer) for/versions 3.5.0.0 and 3.0.0.5 (and possibly others). The vulnerability lies in the GetURL method, which insecurely downloads and executes arbitrary files when invoked, allowing remote attackers to trigg...

[Full-disclosure] CORE-2009-0519 - Awingsoft Awakening Winds3D Viewer remote command execution vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Awingsoft Awakening Winds3D Viewer remote command execution vulnerability 1. Advisory Information Title: Awingsoft Awakening Winds3D Viewer remote command execution...

Winds3D Viewer 3 - GetURL() Arbitrary File Download

Winds3D Viewer 3 - GetURL Arbitrary File Download source: https://www.securityfocus.com/bid/35595/info Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin. Successfully exploiting th...

Winds3D Viewer 3 - 'GetURL()' Arbitrary File Download

source: https://www.securityfocus.com/bid/35595/info Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin. Successfully exploiting this issue will allow attackers to compromise the...