Winds3D Viewer 3 - 'GetURL()' Arbitrary File Download

EDB-ID:

33067




Platform:

Multiple

Date:

2009-06-08


source: https://www.securityfocus.com/bid/35595/info

Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin.

Successfully exploiting this issue will allow attackers to compromise the affected application that uses the plugin.

Winds3D Viewer 3.5.0.0 and 3.5.0.5 are vulnerable; other versions may also be affected. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/33067.usr