Intrusion Prevention

Awingsoft.Winds3d.Command.Execution

Description

This indicates an attack attempt against a command-execution vulnerability in the Awingsoft Awakening Winds3D Viewer plugin.
The vulnerability is caused by an error when the vulnerable software handles a malicious Winds3D scene. It allows a remote attacker to execute arbitrary command by enticing the user to visit a malicious website.

Affected Products

Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5

Impact

System compromise

Recommended Actions

Temporarily disable the affected plugin.

CVE References

CVE-2009-2386