CVE-2009-0811

Published: Mar 4, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method.

Affected (1)

Products: Sopcast: Sopcore Activex Control

Sopcast

1 product

Sopcore Activex Control

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sopcast Sopcore Activex Control	Version 3.0.3.501

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://retrogod.altervista.org/9sg_sopcastia.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/501252/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/33920

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/48955

Source: cve@mitre.org

http://retrogod.altervista.org/9sg_sopcastia.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/501252/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/33920

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/48955

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.