CVE-2009-4850

The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.

Date published : 2010-05-07

http://www.metasploit.com/modules/exploit/windows/browser/awingsoft_winds3d_sceneurl

http://www.metasploit.com/redmine/projects/framework/repository/revisions/7518/entry/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb