Computer Security
[EN] securityvulns.ru no-pyccku


DX Studio Player Firefox plug-in code execution
Published:14.06.2009
Source:
SecurityVulns ID:9991
Type:remote
Threat Level:
5/10
Description:It's possible to execute system commands via Javascript API.
Affected:DXSTUDIO : DX Studio Player 3.0
CVE:CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0521 - DX Studio Player Firefox plug-in command injection (14.06.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod