| Name | AwingSoft.Web3D.Player.WindsPly.Ocx.SceneURL.Access |
| Release Date | Dec 01, 2009 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a code execution vulnerability in AwingSoft Web3D Player.
The vulnerability is located in the "WindsPly.ocx" ActiveX control through miss-use of "SceneURL" method. It may allow remote attackers to execute arbitrary code in vulnerable systems. |
| Affected Products | AwingSoft Awakening 3.0 with WindsPly.ocx v3.5.0.0
AwingSoft Winds3D Player 3.5 |
| Recommended Actions | Set the kill bit for the following CLSID:
{17A54E7D-A9D4-11D8-9552-00E04CB09903} |
| Reference/s | http://osvdb.org/show/osvdb/60017
http://osvdb.org/show/osvdb/60049
http://www.milw0rm.com/exploits/9116
http://xforce.iss.net/xforce/xfdb/51672
|