Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2007-0018
HistoryJan 24, 2007 - 9:28 p.m.

CVE-2007-0018

2007-01-2421:28:00
CWE-119
[email protected]
web.nvd.nist.gov
49
nctaudiofile2
activex
buffer overflow
remote code execution
security vulnerability
cve-2007-0018
nctsoft
magic audio recorder
aurora media workshop
db audio mixer
expstudio audio editor
imesh
quikscribe
cdburnerxp
movavi videomessage
softdiv software
sienzo digital music mentor
roemer software
dandans digital media
xrlly software
absolute sound recorder
recordnrip
bearshare
oracle siebel simbuilder
crm 7.x

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.952 High

EPSS

Percentile

99.4%

JSON

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

Affected configurations

NVD
Node
altdoconvert_mp3_masterMatch1.1
OR
altdomp3_record_and_edit_audio_masterMatch1.2
OR
americansharewaremp3_wav_converterMatch3.1.8
OR
audio_edit_magicaudio_edit_magicMatch9.2.3_389
OR
bearsharebearshareMatch6.0.2.26789
OR
cdburnerxpcdburnerxp_proMatch3.0.116
OR
cheetahburnercheetah_cd_burnerMatch3.56
OR
cheetahburnercheetah_dvd_burnerMatch1.79
OR
code-it_softareabasic_editorMatch10.1
OR
code-it_softarewave_mp3_editorMatch10.1
OR
dandans_digital_media_productseasy_audio_editorMatch7.4
OR
dandans_digital_media_productsfull_audio_converterMatch4.2
OR
dandans_digital_media_productsmusic_editing_masterMatch5.2
OR
dandans_digital_media_productsvisual_video_converterMatch4.4
OR
digital_borneoaudio_mixer_and_editorMatch1.1.0
OR
easy_ringtone_makereasy_ringtone_makerMatch2.0.5
OR
expstudioaudio_editorMatch4.0.2
OR
iaudiosoft.comabsolute_mp3_splitterMatch2.5.4
OR
iaudiosoft.comabsolute_sound_recorderMatch3.4.5
OR
iaudiosoft.comabsolute_video_to_audio_converterMatch2.7.9
OR
imesh.comimeshMatch7.0.2.26789
OR
j_hepple_productsfx_audio_concatMatch1.2.0_beta
OR
j_hepple_productsfx_audio_editorMatch4.7.11
OR
j_hepple_productsfx_audio_toolsMatch7.3.4
OR
j_hepple_productsfx_magic_musicMatch5.7.7
OR
j_hepple_productsfx_movie_joinerMatch6.2.8
OR
j_hepple_productsfx_movie_joiner_and_splitterMatch6.2.8
OR
j_hepple_productsfx_movie_splitterMatch6.4.7
OR
j_hepple_productsfx_new_soundMatch5.1.1
OR
j_hepple_productsfx_video_converterMatch7.51.21
OR
joshua_mediasoftaudio_convertor_plusMatch2.2
OR
joshua_mediasoftvideo_converter_plusMatch3.01
OR
magicvideosoftaremagic_audio_converterMatch8.2.6_build_719
OR
magicvideosoftaremagic_audio_recorderMatch5.3.7
OR
magicvideosoftaremagic_music_editorMatch5.2.2
OR
mcfunsoftaudio_editorMatch6.3.3_build_489
OR
mcfunsoftaudio_recorder_for_freeMatch6.1
OR
mcfunsoftaudio_studioMatch6.6.3_build_479
OR
mcfunsoftipod_audio_studioMatch6.2.4
OR
mcfunsoftipod_music_converterMatch5.1
OR
mcfunsoftrecording_to_ipod_solutionMatch5.1
OR
mediatoxaurora_media_workshopMatch3.3.25
OR
movavichiliburnerMatch2.3
OR
movaviconvertmovieMatch4.4
OR
movavidvd_to_ipodMatch1.0
OR
movavisplitmovieMatch1.4
OR
movavisuiteMatch3.5
OR
movavivideomessageMatch1.0
OR
mp3-softmp3_normalizerMatch1.03
OR
mystik_media_productsaudioedit_deluxeMatch4.10
OR
mystik_media_productsblaze_media_proMatch7.0
OR
mystik_media_productsblaze_mediaconvertMatch3.4
OR
mystik_media_productscontextconvert_proMatch3.1
OR
nctsoft_productsnctaudioeditorMatch2.7.1
OR
nctsoft_productsnctaudiofile2
OR
nctsoft_productsnctaudiostudioMatch2.7.1
OR
nctsoft_productsnctdialogicvoiceMatch2.7.1
OR
nextlevel_systemsaudio_editor_goldMatch9.2.5_build_424
OR
nextlevel_systemsaudio_studio_goldMatch7.0.1.1_build_500
OR
quikscribequikscribe_playerMatch5.022.05
OR
quikscribequikscribe_recorderMatch5.021.29
OR
recordnriprecordnripMatch1.0
OR
rmbsoftaudioconvertMatch3.1.0.125
OR
rmbsoftsoundedit_proMatch2.1
OR
roemer_softwareeasy_hi-q_converterMatch1.7
OR
roemer_softwareeasy_hi-q_recorderMatch2.0
OR
roemer_softwarefree_hi-q_recorderMatch1.9
OR
sienzodigital_music_mentorMatch2.6.0.3
OR
smart_media_systemspower_audio_editorMatch11.0.1
OR
softdiv_softaredexsterMatch3.0
OR
softdiv_softareivideomaxMatch3.9
OR
softdiv_softaremp3_to_wav_converterMatch3.0
OR
softdiv_softaresnoshMatch1.4
OR
softdiv_softarevideozillaMatch2.5
OR
virtual_cdvirtual_cdMatch6.0.0.7
OR
virtual_cdvirtual_cdMatch7.1.0.2
OR
virtual_cdvirtual_cdMatch8.0.0.6
OR
virtual_cdvirtual_cd_file_serverMatch7.1.0.3
OR
xrlly_softwarearial_audio_converterMatch2.3.40
OR
xrlly_softwarearial_sound_recorderMatch1.4.3
OR
xrlly_softwaretext_to_speech_makerMatch1.3.8
OR
xwaver.commagic_audio_editor_proMatch10.3.1_build_476
OR
xwaver.commagic_music_studio_proMatch7.0.2.1_build_500

References

Related

kaspersky 1
cert 1
packetstorm 2
checkpoint_advisories 1
securityvulns 5
cvelist 1
prion 1
nvd 1
kaspersky
kaspersky
KLA10252 ACE vulnerability in multiple software
2007-01-24 00:00:00
cert
cert
Online Media Technologies NCTsoft NCTAudioFile2 ActiveX buffer overflow
2007-01-24 00:00:00
packetstorm
packetstorm
NCTAudioFile2 v2.x ActiveX Control SetFormatLikeSample() Buffer Overflow
2009-12-31 00:00:00
BearShare 6 ActiveX Control Buffer Overflow
2009-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Multiple Products NCTAudioFile2 ActiveX Control Buffer Overflow (CVE-2007-0018)
2011-11-15 00:00:00
securityvulns
securityvulns
Sienzo Digital Music Mentor ActiveX buffer overflow
2007-01-24 00:00:00
[Full-disclosure] Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-01-24 00:00:00
NCTsoft multiple applications ActiveX buffer overflow
2007-05-11 00:00:00
cvelist
cvelist
CVE-2007-0018
2007-01-24 21:00:00
prion
prion
Stack overflow
2007-01-24 21:28:00
nvd
nvd
CVE-2007-0018
2007-01-24 21:28:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.952 High

EPSS

Percentile

99.4%

JSON
Related for CVE-2007-0018
kaspersky1cert1packetstorm2checkpoint_advisories1securityvulns5cvelist1prion1nvd1