Ston3D S3DPlayer Web and Standalone 'system.openURL()' Remote Command Injection Vulnerability

Ston3D S3DPlayer Web and Standalone 'system.openURL()' Remote Command Injection Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.