CVE-2009-2011

Worldweaver DX Studio Player <3.0.29.1 - RCE


Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-2011. PoCs published by Metasploit, Core Security, jduck, including Metasploit module exploits/windows/browser/dxstudio_player_exec.

AI-analyzed exploit summary: This exploit leverages a command execution vulnerability in Worldweaver DX Studio Player by crafting a malicious .dxstudio file that writes a batch script to disk and executes it via shell.execute(). It targets the ActiveX and Firefox plugin versions of the player.

Description

Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16515

This exploit leverages a command execution vulnerability in Worldweaver DX Studio Player by crafting a malicious .dxstudio file that writes a batch script to disk and executes it via shell.execute(). It targets the ActiveX and Firefox plugin versions of the player.

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Worldweaver DX Studio Player <= 3.0.29
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · DX Studio Player plugin must be installed and enabled in the browser
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC VERIFIED
by Core Security · text · remote · windows
https://www.exploit-db.com/exploits/8922

The exploit demonstrates a command injection vulnerability in the DX Studio Player Firefox plug-in, allowing arbitrary command execution via the `shell.execute()` method without user warnings in Firefox. The PoC includes an XML file that triggers the execution of `cmd.exe` with a test command.

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: DX Studio Player Firefox plug-in v3.0.29.0 and earlier
No auth needed
Prerequisites: Victim must visit a malicious webpage or click a crafted link
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC EXCELLENT
by jduck · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/dxstudio_player_exec.rb

This Metasploit module exploits a command execution vulnerability in DX Studio Player by crafting a malicious .dxstudio file that writes a batch file to disk and executes it via the ActiveX control. The exploit leverages the plugin's unsafe handling of script execution to achieve RCE.

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Worldweaver DX Studio Player 3.0.29 and earlier
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · DX Studio Player plugin installed in the browser
devstral-2 · analyzed Feb 19, 2026

References (8)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35402
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35273
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504195/100/0/threaded
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1561
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8922
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51035

Scores

EPSS 0.4018
EPSS Percentile 98.5%

Details

CWE
CWE-78
Status published
Products (3)
dxstudio/dx_studio_player 3.0.12.0
dxstudio/dx_studio_player 3.0.22.0
dxstudio/dx_studio_player < 3.0.29.0
Published Jun 16, 2009
Tracked Since Feb 18, 2026