What is CVE-2009-2011?

CVE-2009-2011 is a vulnerability in N/a. Published 2009-06-16.

Is CVE-2009-2011 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-2011

Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers…

EPSS: 0.768 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

35402 (x_refsource_SECUNIA, third-party-advisory)
35273 (vdb-entry, x_refsource_BID)
20090609 CORE-2009-0521 - DX Studio Player Firefox plug-in command injection (mailing-list, x_refsource_BUGTRAQ)
www.coresecurity.com/content/DXStudio-player-firefox-plugin (x_refsource_MISC)
www.dxstudio.com/forumtopic.aspx (x_refsource_CONFIRM)
ADV-2009-1561 (vdb-entry, x_refsource_VUPEN)
8922 (exploit, x_refsource_EXPLOIT-DB)
dxstudioplayer-shellexecute-command-exec(51035) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2009-2011?: CVE-2009-2011 is a vulnerability in N/a. Published 2009-06-16.
Is CVE-2009-2011 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.