← Back

CVE-2009-1792

nvd nist
Published: May 29, 2009Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).

Affected (3)

Stonetrip
2 products
S3dplayer Standalone
S3dplayer Web
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S3dplayer Standalone
Version 1.7.0.1
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S3dplayer Web
Version 1.6.0.0
Running on/withPlatform Versions
Apple
Macos
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S3dplayer Standalone
Version 1.6.2.4
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.