Computer Security
[EN] no-pyccku

DX Studio Player Firefox plug-in code execution
SecurityVulns ID:9991
Threat Level:
Description:It's possible to execute system commands via Javascript API.
Affected:DXSTUDIO : DX Studio Player 3.0
CVE:CVE-2009-2011 (Worldweaver DX Studio Player,,, and probably other versions before, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0521 - DX Studio Player Firefox plug-in command injection (14.06.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod