Winds3D Viewer 3 - 'GetURL()' Arbitrary File Download

EDB-ID:

33067


Platform:

Multiple

Published:

2009-06-08

source: http://www.securityfocus.com/bid/35595/info

Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin.

Successfully exploiting this issue will allow attackers to compromise the affected application that uses the plugin.

Winds3D Viewer 3.5.0.0 and 3.5.0.5 are vulnerable; other versions may also be affected. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/33067.usr