NVD

Id
49273  
Name
CVE-2009-2011  
Description
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2009-06-16  
Modified Date
2009-06-22  
Seq
2009-2011  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
249528 49273 CVE-2009-2011 http://www.coresecurity.com/content/DXStudio-player-firefox-plugin  View
249529 49273 CVE-2009-2011 http://www.dxstudio.com/forumtopic.aspx?topicid=b4152459-fb5f-4933-b700-b3fbd54f6bfd  View
249530 49273 CVE-2009-2011 8922  View
249531 49273 CVE-2009-2011 20090609 CORE-2009-0521 - DX Studio Player Firefox plug-in command injection  View
249532 49273 CVE-2009-2011 35273  View
249533 49273 CVE-2009-2011 ADV-2009-1561  View
249534 49273 CVE-2009-2011 dxstudioplayer-shellexecute-command-exec(51035)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
42486 JVNDB-2009-003493 Worldweaver DX Studio Player における任意のコマンドを実行される脆弱性 Worldweaver DX Studio Player には、Firefox のプラグインとして使用される際、shell.execute JavaScript API メソッドへのアクセスを制限しないため、任意のコマンドを実行される脆弱性が存在します。 CVE-2009-2011 39442 CVE-2009-2011 49273 9.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003493.html 2009-06-01 2012-06-26 View