CVE-2007-0018 | AttackerKB

Description

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Products

Metasploit Modules

NCTAudioFile2 v2.x ActiveX Control SetFormatLikeSample() Buffer Overflow (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/nctaudiofile2_setformatlikesample.rb)

References

Canonical

CVE-2007-0018 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0018)

BID-23892 (http://www.securityfocus.com/bid/23892)

BID-22196 (http://www.securityfocus.com/bid/22196)

Advisory

SECUNIA-23546 (http://secunia.com/advisories/23546)

SECUNIA-23535 (http://secunia.com/advisories/23535)

XF-nctaudiofile2-multiple-bo(31707) (https://exchange.xforce.ibmcloud.com/vulnerabilities/31707)

SECUNIA-23562 (http://secunia.com/advisories/23562)

SECUNIA-23536 (http://secunia.com/advisories/23536)

SECUNIA-30459 (http://secunia.com/advisories/30459)

SECUNIA-30406 (http://secunia.com/advisories/30406)

SECUNIA-23553 (http://secunia.com/advisories/23553)

SECUNIA-23551 (http://secunia.com/advisories/23551)

SECUNIA-23485 (http://secunia.com/advisories/23485)

SECUNIA-23550 (http://secunia.com/advisories/23550)

SECUNIA-30447 (http://secunia.com/advisories/30447)

SECUNIA-23541 (http://secunia.com/advisories/23541)

SECUNIA-26046 (http://secunia.com/advisories/26046)

SECUNIA-23534 (http://secunia.com/advisories/23534)

SECUNIA-23516 (http://secunia.com/advisories/23516)

SECUNIA-25993 (http://secunia.com/advisories/25993)

SECUNIA-23495 (http://secunia.com/advisories/23495)

SECUNIA-23558 (http://secunia.com/advisories/23558)

SECUNIA-23544 (http://secunia.com/advisories/23544)

20070124 Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX ControlBuffer Overflow (http://www.securityfocus.com/archive/1/457936/100/200/threaded)

SECUNIA-23530 (http://secunia.com/advisories/23530)

SECUNIA-23795 (http://secunia.com/advisories/23795)

SECUNIA-23543 (http://secunia.com/advisories/23543)

SECUNIA-23552 (http://secunia.com/advisories/23552)

SECUNIA-23475 (http://secunia.com/advisories/23475)

SECUNIA-23560 (http://secunia.com/advisories/23560)

SECUNIA-30439 (http://secunia.com/advisories/30439)

20070124 Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2ActiveX Control Buffer Overflow (http://www.securityfocus.com/archive/1/457940/100/200/threaded)

SECUNIA-26100 (http://secunia.com/advisories/26100)

20070124 Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveXControl Buffer Overflow (http://www.securityfocus.com/archive/1/457965/100/200/threaded)

SECUNIA-23548 (http://secunia.com/advisories/23548)

SECUNIA-30446 (http://secunia.com/advisories/30446)

SECUNIA-30424 (http://secunia.com/advisories/30424)

SECUNIA-23561 (http://secunia.com/advisories/23561)

SECUNIA-23557 (http://secunia.com/advisories/23557)

SECUNIA-23745 (http://secunia.com/advisories/23745)

SECUNIA-28407 (http://secunia.com/advisories/28407)

SECUNIA-23493 (http://secunia.com/advisories/23493)

SECUNIA-23511 (http://secunia.com/advisories/23511)

ADV-2007-0310 (http://www.vupen.com/english/advisories/2007/0310)

SECUNIA-23565 (http://secunia.com/advisories/23565)

SECUNIA-22922 (http://secunia.com/advisories/22922)

SECUNIA-30450 (http://secunia.com/advisories/30450)

SECUNIA-23568 (http://secunia.com/advisories/23568)

SECUNIA-23532 (http://secunia.com/advisories/23532)

SECUNIA-26101 (http://secunia.com/advisories/26101)

SECUNIA-23753 (http://secunia.com/advisories/23753)

SECUNIA-23542 (http://secunia.com/advisories/23542)

VU#292713 (http://www.kb.cert.org/vuls/id/292713)

SECUNIA-23554 (http://secunia.com/advisories/23554)

Miscellaneous

http://secunia.com/secunia_research/2007-7/advisory

http://secunia.com/secunia_research/2007-12/advisory

http://secunia.com/secunia_research/2007-27/advisory

http://secunia.com/secunia_research/2007-29/advisory

http://secunia.com/secunia_research/2007-24/advisory

http://secunia.com/secunia_research/2007-8/advisory

http://secunia.com/secunia_research/2007-9/advisory

http://secunia.com/secunia_research/2007-13/advisory

http://secunia.com/secunia_research/2007-20/advisory

http://secunia.com/secunia_research/2007-50/advisory

http://secunia.com/secunia_research/2007-16/advisory

http://secunia.com/secunia_research/2007-28/advisory

http://secunia.com/secunia_research/2007-15/advisory

http://secunia.com/secunia_research/2007-10/advisory

http://secunia.com/secunia_research/2007-4/advisory

http://secunia.com/secunia_research/2007-18/advisory

http://secunia.com/secunia_research/2007-23/advisory

http://secunia.com/secunia_research/2007-14/advisory

http://secunia.com/secunia_research/2007-19/advisory

http://secunia.com/secunia_research/2007-17/advisory

http://secunia.com/secunia_research/2007-31/advisory

http://secunia.com/secunia_research/2007-32/advisory

http://secunia.com/secunia_research/2007-33/advisory

http://secunia.com/secunia_research/2007-3/advisory

http://secunia.com/blog/6

http://secunia.com/secunia_research/2007-25/advisory

http://secunia.com/secunia_research/2007-34/advisory

http://secunia.com/secunia_research/2007-21/advisory

http://secunia.com/secunia_research/2007-6/advisory

http://secunia.com/secunia_research/2007-30/advisory

http://secunia.com/secunia_research/2007-5/advisory

http://secunia.com/secunia_research/2007-11/advisory

http://secunia.com/secunia_research/2007-22/advisory

http://secunia.com/secunia_research/2007-26/advisory

http://secunia.com/secunia_research/2007-2/advisory

Rapid7

Technical Analysis