Vulnerability in DX Studio Player allows remote control of Windows machines
The Firefox plug-in for the 3D game development environment DX Studio has a critical vulnerability which could allow an attacker to take control of a victims Windows machine. For an attack to be successful, the victim must visit a web site with a malicious .dxstudio file. According to the advisory from Core Security, the plug-in for Internet Explorer is also affected, however, IE issues a warning message about the security implications of allowing the .dxstudio file to run. With Firefox, there is no such warning.
Versions 220.127.116.11, 18.104.22.168 and 22.214.171.124 of DX Studio Player are affected. Previous versions of the DX Studio Player are also likely to be affected. The 126.96.36.199 release fixes the problems. The developers advise all users to update to the new version as soon as possible.
- Security Update For 3.0.29 Release Player (Firefox), security advisory from DX Studio.
- DX Studio Player Firefox plug-in command injection, security advisory from Core Security Technologies.