Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:ACTIVEX:DX-PLY-CMD-INJ |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
DX Studio Player Browser Plugin Remote Arbitrary Command Injection |
Release Date |
2011/11/08 |
Update Number |
2025 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: DX Studio Player Browser Plugin Remote Arbitrary Command Injection
This signature detects attempts to use unsafe ActiveX controls in DX Studio Player. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Worldweaver DX Studio Player is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary shell commands in the context of the vulnerable application. Versions prior to DX Studio Player 3.0.29.1 are vulnerable.
Affected Products
- Worldweaver dx_studio_player 3.0.12 0
- Worldweaver dx_studio_player 3.0.22 0
- Worldweaver dx_studio_player 3.0.29 0
References
- BugTraq: 35273
- CVE: CVE-2009-2011