4 matches found
Security feature bypass
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...
CVE-2009-2011
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...
CVE-2009-2011
Summary (CVE-2009-2011) Worldweaver DX Studio Player plugin for Firefox (and related IE/Firefox contexts) is vulnerable to remote command execution via the shell.execute JavaScript API method. The issue affects DX Studio Player versions including 3.0.29.0, 3.0.22.0, 3.0.12.0 and likely other vers...
Worldweaver DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injection Advisory ID: CORE-2009-0521...