1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: AwingSoft Wings3D Player SceneURL BO

Web Attack: AwingSoft Wings3D Player SceneURL BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in AwingSoft Wings3D Player which could result in remote code execution.

Additional Information

because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue affects the WindsPly.ocx ActiveX control when an overly long value to the 'SceneURL' property is encountered.

Attackers can exploit this issue to execute arbitrary code within the context of an application (typically Internet Explorer) that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • AwingSoft Winds3D Player 3.5
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube