PT-2009-3410 · Sopcast · Sopcast Sopcore Activex Control

Publicado

2009-03-04

Atualizado

2018-10-10

CVE-2009-0811

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SopCast SopCore ActiveX control version 3.0.3.501

Description The issue is related to an insecure method in the SopCast SopCore ActiveX control, which allows remote attackers to execute arbitrary programs. This can be achieved by providing an executable file name as an argument to the SetExternalPlayer method.

Recommendations For version 3.0.3.501, consider disabling the SetExternalPlayer method until a patch is available to prevent remote attackers from executing arbitrary programs.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2009-0811

Produtos afetados

Sopcast Sopcore Activex Control

PT-2009-3410 · Sopcast · Sopcast Sopcore Activex Control

CVE-2009-0811

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6