PT-2009-4260 · Stonetrip · Ston3D Webplayer+1
Published: 2009-05-29 · Updated: 2021-09-22 · CVE-2009-1792
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
StoneTrip Ston3D StandalonePlayer versions 1.6.2.4 through 1.7.0.1
StoneTrip Ston3D WebPlayer version 1.6.0.0
Description:
The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the sURL argument of the system.openURL function.
Recommendations:
For StoneTrip Ston3D StandalonePlayer versions 1.6.2.4 through 1.7.0.1, consider restricting the use of the system.openURL function until a patch is available.
For StoneTrip Ston3D WebPlayer version 1.6.0.0, avoid using the sURL argument in the system.openURL function until the issue is resolved.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Ston3D Standaloneplayer
Ston3D Webplayer