Test ID:	1.3.6.1.4.1.25623.1.0.800576
Category:	General
Title:	StoneTrip Ston3D Standalone Player Code Execution Vulnerability - Linux
Summary:	StoneTrip Ston3D Standalone Player is prone to a code execution vulnerability.
Description:	Summary: StoneTrip Ston3D Standalone Player is prone to a code execution vulnerability. Vulnerability Insight: The flaw is generated due to inadequate sanitation of user supplied data used in the 'system.openURL()' function. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes in the context of the application via shell metacharacters in the 'sURL' argument. Affected Software/OS: StoneTrip Ston3D Standalone Player version 1.6.2.4 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1792 BugTraq ID: 35105 http://www.securityfocus.com/bid/35105 Bugtraq: 20090528 CORE-2009-0401 - StoneTrip S3DPlayers remote command injection (Google Search) http://www.securityfocus.com/archive/1/503887/100/0/threaded http://www.coresecurity.com/content/StoneTrip-S3DPlayers http://secunia.com/advisories/35256
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.