Ston3D S3DPlayer Web and Standalone 'system.openURL()' Remote Command Injection Vulnerability

Bugtraq ID: 35105
Class: Input Validation Error
CVE: CVE-2009-1792
Remote: Yes
Local: No
Published: May 28 2009 12:00AM
Updated: Apr 13 2015 09:10PM
Credit: Diego Juarez from Core Security Technologies
Vulnerable: StoneTrip S3DPlayer Web for Mac OS X 1.6.0.0
StoneTrip S3DPlayer StandAlone for Windows 1.7.0.1
StoneTrip S3DPlayer StandAlone for Windows 1.6.2.4
StoneTrip S3DPlayer StandAlone for Mac OS X 1.6.2.4
StoneTrip S3DPlayer StandAlone for Linux 1.6.2.4
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus