PT-2010-1407 · Awingsoft · Winds3D Viewer+3

Shinnai · Published 2010-01-07 · Updated 2024-02-14 · CVE-2009-4588

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AwingSoft Awakening Web3D Player and Winds3D Viewer versions 3.5.0.0 Beta, 3.0.0.5, and earlier

Description

The issue is related to a heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx. This can be triggered by a long SceneUrl property value, potentially allowing remote attackers to cause a denial of service or execute arbitrary code.

Recommendations

For versions 3.5.0.0 Beta, 3.0.0.5, and earlier, consider disabling the WindsPlayerIE.View.1 ActiveX control until a patch is available to prevent potential exploitation. Restrict access to the SceneUrl property to minimize the risk of arbitrary code execution.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-4588

Affected Products

Awingsoft Awakening Web3D Player
Winds3D Viewer
WindsPlayerIE.View.1 ActiveX Control
WindsPly.ocx