Winds3D Viewer 3 - 'GetURL()' Arbitrary File Download

EDB-ID:

33067




Platform:

Multiple

Date:

2009-06-08


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

source: https://www.securityfocus.com/bid/35595/info

Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin.

Successfully exploiting this issue will allow attackers to compromise the affected application that uses the plugin.

Winds3D Viewer 3.5.0.0 and 3.5.0.5 are vulnerable; other versions may also be affected. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/33067.usr