Vulnerability CVE-2008-0959


Published: 2008-05-29   Modified: 2012-02-12

Description:
Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Ussun -> Power audio cd burner 
Ussun -> Power audio cd grabber 
Orion studios -> Cinematicmp3 
Online media technologies -> Nctaudioeditor activex control 
Online media technologies -> Nctaudiostudio activex control 
Alivemedia -> Alive mp3 wav converter 

 References:
http://www.kb.cert.org/vuls/id/669265
http://www.vupen.com/english/advisories/2008/1669
https://exchange.xforce.ibmcloud.com/vulnerabilities/42680

Copyright 2024, cxsecurity.com

 

Back to Top