CVE-2009-0811

Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://retrogod.altervista.org/9sg_sopcastia.html
http://www.securityfocus.com/archive/1/501252/100/0/threaded
http://www.securityfocus.com/bid/33920	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/48955
http://retrogod.altervista.org/9sg_sopcastia.html
http://www.securityfocus.com/archive/1/501252/100/0/threaded
http://www.securityfocus.com/bid/33920	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/48955

Configurations

Configuration 1 (hide)

cpe:2.3:a:sopcast:sopcore_activex_control:3.0.3.501:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-03-04 17:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-0811

Mitre link : CVE-2009-0811

CVE.ORG link : CVE-2009-0811

JSON object : View

Products Affected

sopcast

sopcore_activex_control

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2009-0811", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-03-04T17:30:02.640", "references": [{"url": "http://retrogod.altervista.org/9sg_sopcastia.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/501252/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/33920", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48955", "source": "cve@mitre.org"}, {"url": "http://retrogod.altervista.org/9sg_sopcastia.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/501252/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/33920", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48955", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method."}, {"lang": "es", "value": "Vulnerabilidad de m\u00e9todo inseguro en el control ActiveX de SopCast SopCore de sopocx.ocx v3.0.3.501, permite a atacantes remotos ejecutar programas de su elecci\u00f3n a trav\u00e9s de un nombre de fichero ejecutable en el argumento al m\u00e9todo SetExternalPlayer."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sopcast:sopcore_activex_control:3.0.3.501:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD4876BB-0F7F-41D0-BBE2-9790667C6D88"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}