Description
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
Affected products
- awingsoft / awakening_winds3d_viewer_plugin3.5.0.9 – 3.5.0.9
References
- MISChttp://osvdb.org/60049
- VENDOR_ADVISORYhttp://secunia.com/advisories/35764
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/58573
- EXPLOIThttp://www.metasploit.com/redmine/projects/framework/repository/revisions/7518/entry/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb
- EXPLOIThttp://www.metasploit.com/modules/exploit/windows/browser/awingsoft_winds3d_sceneurl