HTTP: DX Studio Player Browser Plugin Remote Arbitrary Command Injection
This signature detects attempts to use unsafe ActiveX controls in DX Studio Player. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Worldweaver DX Studio Player is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary shell commands in the context of the vulnerable application. Versions prior to DX Studio Player 3.0.29.1 are vulnerable.
Affected Products
Worldweaver dx_studio_player
Short Name
HTTP:STC:ACTIVEX:DX-PLY-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary Browser CVE-2009-2011 Command DX Injection Player Plugin Remote Studio bid:35273
Release Date
11/08/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Worldweaver
CVSS Score
9.3