Ston3D S3DPlayer Web and Standalone 'system.openURL()' Remote Command Injection Vulnerability

Bugtraq ID:	35105
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 28 2009 12:00AM
Updated:	Jun 01 2009 08:59PM
Credit:	Diego Juarez from Core Security Technologies
Vulnerable:	StoneTrip S3DPlayer Web for Mac OS X 1.6.0.0 StoneTrip S3DPlayer StandAlone for Windows 1.7.0.1 StoneTrip S3DPlayer StandAlone for Windows 1.7.0.1 StoneTrip S3DPlayer StandAlone for Windows 1.6.2.4 StoneTrip S3DPlayer StandAlone for Mac OS X 1.6.2.4 StoneTrip S3DPlayer StandAlone for Linux 1.6.2.4

Not Vulnerable: