
Web Attack: Worldweaver DX Studio Player Plugin

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in the Worldweaver DX Studio Player plugin that may result in remote code execution.

Additional Information

Worldweaver DX Studio is a development environment for creating 3D graphics. The Player application is a browser plugin used for displaying DX Studio documents in Internet Explorer or Firefox.

The application is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Specifically, commands sent to the 'shell.execute()' method will execute without warning in the Firefox plugin.

To exploit this issue, attackers must entice an unsuspecting user to use the affected application to view a specially crafted webpage containing malicious DX Studio content.

Attackers can exploit this issue to execute arbitrary shell commands in the context of the vulnerable application.

Affected

  • Versions prior to DX Studio Player 3.0.29.1 are vulnerable.

Response

Download and install all vendor patches related to this vulnerability.