| Release Date | Sep 17, 2009 |
| Severity | Critical |
| Impact | System compromise |
| Description | This indicates an attack attempt against a command-execution vulnerability in the Awingsoft Awakening Winds3D Viewer plugin.
The vulnerability is caused by an error when the vulnerable software handles a malicious Winds3D scene. It allows a remote attacker to execute arbitrary command by enticing the user to visit a malicious website. |
| Affected Products | Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5 |
| Recommended Actions | Temporarily disable the affected plugin. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2386
|
| Reference/s | http://www.securityfocus.com/bid/35595 (BugTraq)
|