CVSS: 7.5EPSS: 22%CPEs: 4EXPL: 1CVE-2007-3493 – NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method
https://notcve.org/view.php?id=CVE-2007-3493
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. Cierto control ActiveX en NCTWavChunksEditor2.dll 2.6.1.148 de NCTAudioStudio (NCTAudioStudio2) 2.7, como el utilizado por Sienzo DMM y probablemente otros productos, permite a atacantes remotos crear y sobrescribir ficheros de su elección mediante nombre de ruta completo en el argumento al método CreateFile, un vector diferente de CVE-2007-3400. • https://www.exploit-db.com/exploits/4109 http://osvdb.org/37673 http://secunia.com/advisories/25851 http://www.securityfocus.com/bid/24656 http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last http://www.vupen.com/english/advisories/2007/2351 https://exchange.xforce.ibmcloud.com/vulnerabilities/35081 •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 2CVE-2007-3400 – NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write
https://notcve.org/view.php?id=CVE-2007-3400
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method. El control ActiveX NCTAudioEditor2 en la biblioteca NCTWMAFile2.dll versión 2.6.2.157, distribuido en NCTAudioEditor y NCTAudioStudio versión 2.7, permite a atacantes remotos sobrescribir archivos arbitrarios por medio del método CreateFile. • https://www.exploit-db.com/exploits/4101 http://osvdb.org/37674 http://secunia.com/advisories/25825 http://www.securityfocus.com/bid/24613 http://www.vupen.com/english/advisories/2007/2351 https://exchange.xforce.ibmcloud.com/vulnerabilities/35018 • CWE-20: Improper Input Validation •