Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2009-1792
HistoryMay 29, 2009 - 6:30 p.m.

CVE-2009-1792

2009-05-2918:30:00
CWE-78
mitre
web.nvd.nist.gov
26
cve-2009-1792
stonetrip
ston3d standaloneplayer
s3dplayer
webplayer
arbitrary commands
remote attackers
shell metacharacters
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.006

Percentile

77.6%

JSON

The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).

Affected configurations

Nvd
Node
stonetrips3dplayer_standaloneMatch1.6.2.4
OR
stonetrips3dplayer_standaloneMatch1.7.0.1
OR
stonetrips3dplayer_webMatch1.6.0.0
AND
microsoftwindows
Node
stonetrips3dplayer_standaloneMatch1.6.2.4
OR
stonetrips3dplayer_webMatch1.6.0.0
AND
applemacos
Node
linuxlinux_kernel
AND
stonetrips3dplayer_standaloneMatch1.6.2.4
VendorProductVersionCPE
stonetrips3dplayer_standalone1.6.2.4cpe:2.3:a:stonetrip:s3dplayer_standalone:1.6.2.4:*:*:*:*:*:*:*
stonetrips3dplayer_standalone1.7.0.1cpe:2.3:a:stonetrip:s3dplayer_standalone:1.7.0.1:*:*:*:*:*:*:*
stonetrips3dplayer_web1.6.0.0cpe:2.3:a:stonetrip:s3dplayer_web:1.6.0.0:*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Related

openvas 4
nvd 1
securityvulns 1
prion 1
cvelist 1
openvas
openvas
StoneTrip Ston3D Standalone Player Code Execution Vulnerability (Linux)
2009-06-16 00:00:00
StoneTrip Ston3D Products Code Execution Vulnerability
2009-06-16 00:00:00
StoneTrip Ston3D Standalone Player Code Execution Vulnerability - Linux
2009-06-16 00:00:00
nvd
nvd
CVE-2009-1792
2009-05-29 18:30:00
securityvulns
securityvulns
StoneTrip S3DPlayers code execution
2009-05-29 00:00:00
prion
prion
Design/Logic Flaw
2009-05-29 18:30:00
cvelist
cvelist
CVE-2009-1792
2009-05-29 18:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.006

Percentile

77.6%

JSON
Related for CVE-2009-1792
openvas4nvd1securityvulns1prion1cvelist1