Vulnerability CVE-2007-0018


Published: 2007-01-24   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Maker and Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Nextlevel systems
Product: Audio editor gold 
Version: 9.2.5_build_424;
Product: Audio studio gold 
Version: 7.0.1.1_build_500;
Vendor: Audio edit magic
Product: Audio edit magic 
Version: 9.2.3_389;
Vendor: Magicvideosoftare
Product: Magic audio converter 
Version: 8.2.6_build_719;
Product: Magic audio recorder 
Version: 5.3.7;
Product: Magic music editor 
Version: 5.2.2;
Vendor: Virtual cd
Product: Virtual cd 
Version: 8.0.0.6; 7.1.0.2; 6.0.0.7;
Product: Virtual cd file server 
Version: 7.1.0.3;
Vendor: J hepple products
Product: Fx video converter 
Version: 7.51.21;
Product: Fx audio tools 
Version: 7.3.4;
Product: Fx movie splitter 
Version: 6.4.7;
Product: Fx movie joiner and splitter 
Version: 6.2.8;
Product: Fx movie joiner 
Version: 6.2.8;
Product: Fx magic music 
Version: 5.7.7;
Product: Fx new sound 
Version: 5.1.1;
Product: Fx audio editor 
Version: 4.7.11;
Product: Fx audio concat 
Version: 1.2.0_beta;
Vendor: Dandans digital media products
Product: Easy audio editor 
Version: 7.4;
Product: Music editing master 
Version: 5.2;
Product: Visual video converter 
Version: 4.4;
Product: Full audio converter 
Version: 4.2;
Vendor: Imesh.com
Product: Imesh 
Version: 7.0.2.26789;
Vendor: Xwaver.com
Product: Magic music studio pro 
Version: 7.0.2.1_build_500;
Product: Magic audio editor pro 
Version: 10.3.1_build_476;
Vendor: Mystik media products
Product: Blaze media pro 
Version: 7.0;
Product: Audioedit deluxe 
Version: 4.10;
Product: Blaze mediaconvert 
Version: 3.4;
Product: Contextconvert pro 
Version: 3.1;
Vendor: Mcfunsoft
Product: Audio studio 
Version: 6.6.3_build_479;
Product: Audio editor 
Version: 6.3.3_build_489;
Product: Ipod audio studio 
Version: 6.2.4;
Product: Audio recorder for free 
Version: 6.1;
Product: Ipod music converter 
Version: 5.1;
Product: Recording to ipod solution 
Version: 5.1;
Vendor: Bearshare
Product: Bearshare 
Version: 6.0.2.26789;
Vendor: Quikscribe
Product: Quikscribe player 
Version: 5.022.05;
Product: Quikscribe recorder 
Version: 5.021.29;
Vendor: Movavi
Product: Convertmovie 
Version: 4.4;
Product: Suite 
Version: 3.5;
Product: Chiliburner 
Version: 2.3;
Product: Splitmovie 
Version: 1.4;
Product: Dvd to ipod 
Version: 1.0;
Product: Videomessage 
Version: 1.0;
Vendor: Expstudio
Product: Audio editor 
Version: 4.0.2;
Vendor: Softdiv softare
Product: Ivideomax 
Version: 3.9;
Product: Dexster 
Version: 3.0;
Product: Mp3 to wav converter 
Version: 3.0;
Product: Videozilla 
Version: 2.5;
Product: Snosh 
Version: 1.4;
Vendor: Cheetahburner
Product: Cheetah cd burner 
Version: 3.56;
Product: Cheetah dvd burner 
Version: 1.79;
Vendor: Iaudiosoft.com
Product: Absolute sound recorder 
Version: 3.4.5;
Product: Absolute video to audio converter 
Version: 2.7.9;
Product: Absolute mp3 splitter 
Version: 2.5.4;
Vendor: Mediatox
Product: Aurora media workshop 
Version: 3.3.25;
Vendor: Americanshareware
Product: Mp3 wav converter 
Version: 3.1.8;
Vendor: Rmbsoft
Product: Audioconvert 
Version: 3.1.0.125;
Product: Soundedit pro 
Version: 2.1;
Vendor: Joshua mediasoft
Product: Video converter plus 
Version: 3.01;
Product: Audio convertor plus 
Version: 2.2;
Vendor: Cdburnerxp
Product: Cdburnerxp pro 
Version: 3.0.116;
Vendor: Nctsoft products
Product: Nctdialogicvoice 
Version: 2.7.1;
Product: Nctaudioeditor 
Version: 2.7.1;
Product: Nctaudiostudio 
Version: 2.7.1;
Product: Nctaudiofile2 
Vendor: Sienzo
Product: Digital music mentor 
Version: 2.6.0.3;
Vendor: Xrlly software
Product: Arial audio converter 
Version: 2.3.40;
Product: Arial sound recorder 
Version: 1.4.3;
Product: Text to speech maker 
Version: 1.3.8;
Vendor: Easy ringtone maker
Product: Easy ringtone maker 
Version: 2.0.5;
Vendor: Roemer software
Product: Easy hi-q recorder 
Version: 2.0;
Product: Free hi-q recorder 
Version: 1.9;
Product: Easy hi-q converter 
Version: 1.7;
Vendor: Smart media systems
Product: Power audio editor 
Version: 11.0.1;
Vendor: Code-it softare
Product: Wave mp3 editor 
Version: 10.1;
Product: Abasic editor 
Version: 10.1;
Vendor: Altdo
Product: Mp3 record and edit audio master 
Version: 1.2;
Product: Convert mp3 master 
Version: 1.1;
Vendor: Digital borneo
Product: Audio mixer and editor 
Version: 1.1.0;
Vendor: Mp3-soft
Product: Mp3 normalizer 
Version: 1.03;
Vendor: Recordnrip
Product: Recordnrip 
Version: 1.0;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

 References:
http://www.kb.cert.org/vuls/id/292713
http://www.securityfocus.com/archive/1/457936/100/200/threaded
http://www.securityfocus.com/archive/1/457940/100/200/threaded
http://www.securityfocus.com/archive/1/457965/100/200/threaded
http://www.securityfocus.com/bid/22196
http://www.securityfocus.com/bid/23892
http://www.vupen.com/english/advisories/2007/0310
https://exchange.xforce.ibmcloud.com/vulnerabilities/31707

Copyright 2019, cxsecurity.com

 
