Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0018

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

Published

2007-01-24T21:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application altdo convert_mp3_master 1.1 Yes
Application altdo mp3_record_and_edit_audio_master 1.2 Yes
Application americanshareware mp3_wav_converter 3.1.8 Yes
Application audio_edit_magic audio_edit_magic 9.2.3_389 Yes
Application bearshare bearshare 6.0.2.26789 Yes
Application cdburnerxp cdburnerxp_pro 3.0.116 Yes
Application cheetahburner cheetah_cd_burner 3.56 Yes
Application cheetahburner cheetah_dvd_burner 1.79 Yes
Application code-it_softare abasic_editor 10.1 Yes
Application code-it_softare wave_mp3_editor 10.1 Yes
Application dandans_digital_media_products easy_audio_editor 7.4 Yes
Application dandans_digital_media_products full_audio_converter 4.2 Yes
Application dandans_digital_media_products music_editing_master 5.2 Yes
Application dandans_digital_media_products visual_video_converter 4.4 Yes
Application digital_borneo audio_mixer_and_editor 1.1.0 Yes
Application easy_ringtone_maker easy_ringtone_maker 2.0.5 Yes
Application expstudio audio_editor 4.0.2 Yes
Application iaudiosoft.com absolute_mp3_splitter 2.5.4 Yes
Application iaudiosoft.com absolute_sound_recorder 3.4.5 Yes
Application iaudiosoft.com absolute_video_to_audio_converter 2.7.9 Yes
Application imesh.com imesh 7.0.2.26789 Yes
Application j_hepple_products fx_audio_concat 1.2.0_beta Yes
Application j_hepple_products fx_audio_editor 4.7.11 Yes
Application j_hepple_products fx_audio_tools 7.3.4 Yes
Application j_hepple_products fx_magic_music 5.7.7 Yes
Application j_hepple_products fx_movie_joiner 6.2.8 Yes
Application j_hepple_products fx_movie_joiner_and_splitter 6.2.8 Yes
Application j_hepple_products fx_movie_splitter 6.4.7 Yes
Application j_hepple_products fx_new_sound 5.1.1 Yes
Application j_hepple_products fx_video_converter 7.51.21 Yes
Application joshua_mediasoft audio_convertor_plus 2.2 Yes
Application joshua_mediasoft video_converter_plus 3.01 Yes
Application magicvideosoftare magic_audio_converter 8.2.6_build_719 Yes
Application magicvideosoftare magic_audio_recorder 5.3.7 Yes
Application magicvideosoftare magic_music_editor 5.2.2 Yes
Application mcfunsoft audio_editor 6.3.3_build_489 Yes
Application mcfunsoft audio_recorder_for_free 6.1 Yes
Application mcfunsoft audio_studio 6.6.3_build_479 Yes
Application mcfunsoft ipod_audio_studio 6.2.4 Yes
Application mcfunsoft ipod_music_converter 5.1 Yes
Application mcfunsoft recording_to_ipod_solution 5.1 Yes
Application mediatox aurora_media_workshop 3.3.25 Yes
Application movavi chiliburner 2.3 Yes
Application movavi convertmovie 4.4 Yes
Application movavi dvd_to_ipod 1.0 Yes
Application movavi splitmovie 1.4 Yes
Application movavi suite 3.5 Yes
Application movavi videomessage 1.0 Yes
Application mp3-soft mp3_normalizer 1.03 Yes
Application mystik_media_products audioedit_deluxe 4.10 Yes
Application mystik_media_products blaze_media_pro 7.0 Yes
Application mystik_media_products blaze_mediaconvert 3.4 Yes
Application mystik_media_products contextconvert_pro 3.1 Yes
Application nctsoft_products nctaudioeditor 2.7.1 Yes
Application nctsoft_products nctaudiofile2 * Yes
Application nctsoft_products nctaudiostudio 2.7.1 Yes
Application nctsoft_products nctdialogicvoice 2.7.1 Yes
Application nextlevel_systems audio_editor_gold 9.2.5_build_424 Yes
Application nextlevel_systems audio_studio_gold 7.0.1.1_build_500 Yes
Application quikscribe quikscribe_player 5.022.05 Yes
Application quikscribe quikscribe_recorder 5.021.29 Yes
Application recordnrip recordnrip 1.0 Yes
Application rmbsoft audioconvert 3.1.0.125 Yes
Application rmbsoft soundedit_pro 2.1 Yes
Application roemer_software easy_hi-q_converter 1.7 Yes
Application roemer_software easy_hi-q_recorder 2.0 Yes
Application roemer_software free_hi-q_recorder 1.9 Yes
Application sienzo digital_music_mentor 2.6.0.3 Yes
Application smart_media_systems power_audio_editor 11.0.1 Yes
Application softdiv_softare dexster 3.0 Yes
Application softdiv_softare ivideomax 3.9 Yes
Application softdiv_softare mp3_to_wav_converter 3.0 Yes
Application softdiv_softare snosh 1.4 Yes
Application softdiv_softare videozilla 2.5 Yes
Application virtual_cd virtual_cd 6.0.0.7 Yes
Application virtual_cd virtual_cd 7.1.0.2 Yes
Application virtual_cd virtual_cd 8.0.0.6 Yes
Application virtual_cd virtual_cd_file_server 7.1.0.3 Yes
Application xrlly_software arial_audio_converter 2.3.40 Yes
Application xrlly_software arial_sound_recorder 1.4.3 Yes
Application xrlly_software text_to_speech_maker 1.3.8 Yes
Application xwaver.com magic_audio_editor_pro 10.3.1_build_476 Yes
Application xwaver.com magic_music_studio_pro 7.0.2.1_build_500 Yes
References