CVSS: 7.5EPSS: 22%CPEs: 4EXPL: 1CVE-2007-3493 – NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method
https://notcve.org/view.php?id=CVE-2007-3493
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. Cierto control ActiveX en NCTWavChunksEditor2.dll 2.6.1.148 de NCTAudioStudio (NCTAudioStudio2) 2.7, como el utilizado por Sienzo DMM y probablemente otros productos, permite a atacantes remotos crear y sobrescribir ficheros de su elección mediante nombre de ruta completo en el argumento al método CreateFile, un vector diferente de CVE-2007-3400. • https://www.exploit-db.com/exploits/4109 http://osvdb.org/37673 http://secunia.com/advisories/25851 http://www.securityfocus.com/bid/24656 http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last http://www.vupen.com/english/advisories/2007/2351 https://exchange.xforce.ibmcloud.com/vulnerabilities/35081 •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 2CVE-2007-3400 – NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write
https://notcve.org/view.php?id=CVE-2007-3400
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method. El control ActiveX NCTAudioEditor2 en la biblioteca NCTWMAFile2.dll versión 2.6.2.157, distribuido en NCTAudioEditor y NCTAudioStudio versión 2.7, permite a atacantes remotos sobrescribir archivos arbitrarios por medio del método CreateFile. • https://www.exploit-db.com/exploits/4101 http://osvdb.org/37674 http://secunia.com/advisories/25825 http://www.securityfocus.com/bid/24613 http://www.vupen.com/english/advisories/2007/2351 https://exchange.xforce.ibmcloud.com/vulnerabilities/35018 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 95%CPEs: 83EXPL: 3CVE-2007-0018 – Microsoft Internet Explorer - NCTAudioFile2.AudioFile ActiveX Remote Overflow
https://notcve.org/view.php?id=CVE-2007-0018
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x. Un desbordamiento de búfer en la región stack de la memoria en el control ActiveX NCTAudioFile2.AudioFile (NCTAudioFile2.dll), tal y como es usado en varios productos, permite a atacantes remotos ejecutar código arbitrario por medio de un argumento largo a la función SetFormatLikeSample. NOTA: los productos incluyen (1) NCTsoft NCTAudioStudio, NCTAudioEditor and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. • https://www.exploit-db.com/exploits/3728 https://www.exploit-db.com/exploits/3808 https://www.exploit-db.com/exploits/16603 http://secunia.com/advisories/22922 http://secunia.com/advisories/23475 http://secunia.com/advisories/23485 http://secunia.com/advisories/23493 http://secunia.com/advisories/23495 http://secunia.com/advisories/23511 http://secunia.com/advisories/23516 http://secunia.com/advisories/23530 http://secunia.com/advisories/23532 http://secunia.com/ad • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •