SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt

This alert is triggered on detection of specific content indicative of an attempt to exploit CVE-2009-2011, a vulnerability in Worldweaver DX Studio Player. Worldweaver DX Studio Player is a multimedia application used for creating interactive 3D web applications. The rule detects an attempt to exploit a known vulnerability in the application that enables command execution via the shell.execute command.

ID Number

20871

Signature

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt"; flow:to_client,established; file_data; content:"0AC2706C-8623-46F8-9EDD-8F71A897FDAE"; fast_pattern:only; flowbits:set,http.dxstudio.clsid; flowbits:noalert; metadata:policy max-detect-ips alert, service http; reference:bugtraq,35273; reference:cve,2009-2011; classtype:attempted-user; sid:20871; rev:6;)
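For triage, it helps to break the signature above into its parts: which traffic direction it inspects, which pattern it matches, and how its flowbits options tie it to other rules. The following is an added example, not part of the original page or of the Snort project's code; the function names `parse_rule` and `triage_summary` are hypothetical, and the rule text is copied from this page.

```python
import re

# Signature text copied from this page (sid 20871).
RULE = (
    'alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any ('
    'msg:"SERVER-WEBAPP Worldweaver DX Studio Player shell.execute '
    'command execution attempt"; flow:to_client,established; file_data; '
    'content:"0AC2706C-8623-46F8-9EDD-8F71A897FDAE"; fast_pattern:only; '
    'flowbits:set,http.dxstudio.clsid; flowbits:noalert; '
    'metadata:policy max-detect-ips alert, service http; '
    'reference:bugtraq,35273; reference:cve,2009-2011; '
    'classtype:attempted-user; sid:20871; rev:6;)'
)

def parse_rule(rule):
    """Split a Snort rule into header fields and ordered (option, value) pairs."""
    header, _, body = rule.partition("(")
    body = body.rstrip().rstrip(")")
    keys = ("action", "proto", "src", "sport", "direction", "dst", "dport")
    parsed = dict(zip(keys, header.split()))
    # An option ends at ';' outside double quotes; backslash escapes are
    # honoured inside quoted values so an escaped ';' does not split it.
    opt_re = re.compile(r'\s*((?:"(?:\\.|[^"\\])*"|[^;"])+);')
    parsed["options"] = []
    for m in opt_re.finditer(body):
        name, _, value = m.group(1).partition(":")
        parsed["options"].append((name.strip(), value.strip().strip('"')))
    return parsed

def triage_summary(rule):
    """Collect the fields an analyst needs to interpret a hit on this rule."""
    opts = parse_rule(rule)["options"]
    values = lambda key: [v for n, v in opts if n == key]
    flowbits = [v.split(",") for v in values("flowbits")]
    return {
        "sid": values("sid")[0],
        "flow": values("flow")[0],          # to_client: server responses
        "content": values("content"),       # literal byte patterns matched
        "references": values("reference"),
        # State bits this rule sets for later rules in the same flow.
        "sets": [f[1] for f in flowbits if f[0] == "set" and len(f) > 1],
        # flowbits:noalert tells Snort not to raise an alert for this rule
        # itself; the rule only records state on the flow.
        "noalert": any(f[0] == "noalert" for f in flowbits),
    }

if __name__ == "__main__":
    for key, value in triage_summary(RULE).items():
        print(f"{key}: {value}")
```

Because the rule sets `http.dxstudio.clsid` with `flowbits:noalert`, look in the same ruleset for rules that test that bit with `flowbits:isset` when tracing where an alert on this flow came from.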

MITRE ATT&CK Technique

-

Severity

High

Recommendations/Investigative actions

Ensure you are using a patched or updated version of Worldweaver DX Studio Player that addresses this vulnerability. Check any systems that have interacted with the Worldweaver DX Studio Player for signs of compromise.