dxstudio DX Studio Player prior 3.0.12.0 Javascript API shell.execute os command injection
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in dxstudio DX Studio Player. It has been declared as critical. This affects an unknown function of the file shell.execute of the component Javascript API. Executing a manipulation can lead to os command injection. This vulnerability appears as CVE-2009-2011. In addition, an exploit is available. It is recommended to upgrade the affected component.
Details
A vulnerability classified as very critical was found in dxstudio DX Studio Player. This vulnerability affects some unknown processing of the file shell.execute of the component Javascript API. The manipulation with an unknown input leads to a os command injection vulnerability. The CWE definition for the vulnerability is CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
The weakness was presented 06/16/2009 by Core Security with CORE Security Technologies (Website). The advisory is shared for download at vupen.com. This vulnerability was named CVE-2009-2011 since 06/08/2009. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details and also a public exploit are known. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 12/01/2024). The MITRE ATT&CK project declares the attack technique as T1202.
A public exploit has been developed by Core Security and been published before and not just after the advisory. It is possible to download the exploit at securityfocus.com. It is declared as highly functional. The vulnerability was handled as a non-public zero-day exploit for at least 6 days. During that time the estimated underground price was around $0-$5k.
Upgrading to version 3.0.12.0 eliminates this vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 9729.
The vulnerability is also documented in the databases at X-Force (51035), Exploit-DB (8922), SecurityFocus (BID 35273†), Secunia (SA35402†) and Vulnerability Center (SBV-31592†). Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 9.4
VulDB Base Score: 9.8
VulDB Temp Score: 9.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Os command injectionCWE: CWE-78 / CWE-77 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Author: Core Security
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
OpenVAS ID: 64198
OpenVAS Name: Ubuntu USN-785-1 (ipsec-tools)
OpenVAS File: 🔍
OpenVAS Family: 🔍
MetaSploit ID: dxstudio_player_exec.rb
MetaSploit Name: Worldweaver DX Studio Player shell.execute() Command Execution
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: DX Studio Player 3.0.12.0
Suricata ID: 2010841
Suricata Class: 🔍
Suricata Message: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
06/08/2009 🔍06/09/2009 🔍
06/10/2009 🔍
06/10/2009 🔍
06/10/2009 🔍
06/16/2009 🔍
06/16/2009 🔍
06/16/2009 🔍
05/31/2011 🔍
03/17/2015 🔍
12/01/2024 🔍
Sources
Advisory: vupen.com⛔Researcher: Core Security
Organization: CORE Security Technologies
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2009-2011 (🔍)
GCVE (CVE): GCVE-0-2009-2011
GCVE (VulDB): GCVE-100-48628
X-Force: 51035
SecurityFocus: 35273 - Worldweaver DX Studio Player Browser Plugin Remote Arbitrary Shell Command Injection Vulnerability
Secunia: 35402 - DX Studio Player Firefox Plugin Command Execution Vulnerability, Highly Critical
Vulnerability Center: 31592 - Worldweaver DX Studio Player before 3.0.29.1 with Firefox Remote Code Execution via a .dxstudio File, Medium
Vupen: ADV-2009-1561
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/17/2015 23:38Updated: 12/01/2024 09:58
Changes: 03/17/2015 23:38 (68), 03/23/2017 07:40 (22), 12/01/2024 09:58 (17)
Complete: 🔍
Cache ID: 216:15C:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.