OSVDB ID: 60017

Title: AwingSoft Web3D Player WindsPlayerIE.View.1 ActiveX (WindsPly.ocx) SceneURL() Method Overflow

Info

Disclosure

Jul 10, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Web 3D Player is prone to an overflow condition. The WindsPly.ocx ActiveX control fails to properly sanitize user-supplied input to the SceneURL() method resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

AwingSoft

Web 3D Player

3.5

References

CVE ID: 2009-4588 (see also: NVD)
Secunia Advisory ID: 35764
ISS X-Force ID: 51672
Metasploit ID: 60017
Milw0rm: 9116
Exploit Database: 9116
Vendor URL: http://www.awingsoft.com/
Generic Exploit URL: http://www.rec-sec.com/2009/07/28/awingsoft-web3d-buffer-overflow/
http://www.shinnai.net/xplits/TXT_nsGUdeley3EHfKEV690p.html [ Link is 404 ]
Other Advisory URL: http://www.shinnai.net/exploits/nsGUdeley3EHfKEV690p.txt

Credit

shinnai - shinnaiautistici.org -

Direct URL: http://osvdb.org/60017