CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2007-0018

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Maker and Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.
Publish Date : 2007-01-24 Last Update Date : 2009-01-02

- CVSS Scores & Vulnerability Types

CVSS Score 9.3
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access Admin
Vulnerability Type(s) Execute Code, Overflow
CWE ID 119

- Products Affected By CVE-2007-0018

# Product Type Vendor Product Version Update Edition Language
1 Application Altdo Convert Mp3 Master 1.1
2 Application Altdo Mp3 Record And Edit Audio Master 1.2
3 Application Americanshareware Mp3 Wav Converter 3.1.8
4 Application Audio Edit Magic Audio Edit Magic 9.2.3 389
5 Application Bearshare Bearshare 6.0.2.26789
6 Application Cdburnerxp Cdburnerxp Pro 3.0.116
7 Application Cheetahburner Cheetah Cd Burner 3.56
8 Application Cheetahburner Cheetah Dvd Burner 1.79
9 Application Code-it Softare Abasic Editor 10.1
10 Application Code-it Softare Wave Mp3 Editor 10.1
11 Application Dandans Digital Media Products Easy Audio Editor 7.4
12 Application Dandans Digital Media Products Full Audio Converter 4.2
13 Application Dandans Digital Media Products Music Editing Master 5.2
14 Application Dandans Digital Media Products Visual Video Converter 4.4
15 Application Digital Borneo Audio Mixer And Editor 1.1.0
16 Application Easy Ringtone Maker Easy Ringtone Maker 2.0.5
17 Application Expstudio Audio Editor 4.0.2
18 Application Iaudiosoft.com Absolute Mp3 Splitter 2.5.4
19 Application Iaudiosoft.com Absolute Sound Recorder 3.4.5
20 Application Iaudiosoft.com Absolute Video To Audio Converter 2.7.9
21 Application Imesh.com Imesh 7.0.2.26789
22 Application J Hepple Products Fx Audio Concat 1.2.0 Beta
23 Application J Hepple Products Fx Audio Editor 4.7.11
24 Application J Hepple Products Fx Audio Tools 7.3.4
25 Application J Hepple Products Fx Magic Music 5.7.7
26 Application J Hepple Products Fx Movie Joiner 6.2.8
27 Application J Hepple Products Fx Movie Joiner And Splitter 6.2.8
28 Application J Hepple Products Fx Movie Splitter 6.4.7
29 Application J Hepple Products Fx New Sound 5.1.1
30 Application J Hepple Products Fx Video Converter 7.51.21
31 Application Joshua Mediasoft Audio Convertor Plus 2.2
32 Application Joshua Mediasoft Video Converter Plus 3.01
33 Application Magicvideosoftare Magic Audio Converter 8.2.6 Build 719
34 Application Magicvideosoftare Magic Audio Recorder 5.3.7
35 Application Magicvideosoftare Magic Music Editor 5.2.2
36 Application Mcfunsoft Audio Editor 6.3.3 Build 489
37 Application Mcfunsoft Audio Recorder For Free 6.1
38 Application Mcfunsoft Audio Studio 6.6.3 Build 479
39 Application Mcfunsoft Ipod Audio Studio 6.2.4
40 Application Mcfunsoft Ipod Music Converter 5.1
41 Application Mcfunsoft Recording To Ipod Solution 5.1
42 Application Mediatox Aurora Media Workshop 3.3.25
43 Application Movavi Chiliburner 2.3
44 Application Movavi Convertmovie 4.4
45 Application Movavi Dvd To Ipod 1.0
46 Application Movavi Splitmovie 1.4
47 Application Movavi Suite 3.5
48 Application Movavi Videomessage 1.0
49 Application Mp3-soft Mp3 Normalizer 1.03
50 Application Mystik Media Products Audioedit Deluxe 4.10
51 Application Mystik Media Products Blaze Media Pro 7.0
52 Application Mystik Media Products Blaze Mediaconvert 3.4
53 Application Mystik Media Products Contextconvert Pro 3.1
54 Application Nctsoft Products Nctaudioeditor 2.7.1
55 Application Nctsoft Products Nctaudiofile2
56 Application Nctsoft Products Nctaudiostudio 2.7.1
57 Application Nctsoft Products Nctdialogicvoice 2.7.1
58 Application Nextlevel Systems Audio Editor Gold 9.2.5 Build 424
59 Application Nextlevel Systems Audio Studio Gold 7.0.1.1 Build 500
60 Application Quikscribe Quikscribe Player 5.022.05
61 Application Quikscribe Quikscribe Recorder 5.021.29
62 Application Recordnrip Recordnrip 1.0
63 Application Rmbsoft Audioconvert 3.1.0.125
64 Application Rmbsoft Soundedit Pro 2.1
65 Application Roemer Software Easy Hi-q Converter 1.7
66 Application Roemer Software Easy Hi-q Recorder 2.0
67 Application Roemer Software Free Hi-q Recorder 1.9
68 Application Sienzo Digital Music Mentor 2.6.0.3
69 Application Smart Media Systems Power Audio Editor 11.0.1
70 Application Softdiv Softare Dexster 3.0
71 Application Softdiv Softare Ivideomax 3.9
72 Application Softdiv Softare Mp3 To Wav Converter 3.0
73 Application Softdiv Softare Snosh 1.4
74 Application Softdiv Softare Videozilla 2.5
75 Application Virtual Cd Virtual Cd 6.0.0.7
76 Application Virtual Cd Virtual Cd 7.1.0.2
77 Application Virtual Cd Virtual Cd 8.0.0.6
78 Application Virtual Cd Virtual Cd File Server 7.1.0.3
79 Application Xrlly Software Arial Audio Converter 2.3.40
80 Application Xrlly Software Arial Sound Recorder 1.4.3
81 Application Xrlly Software Text To Speech Maker 1.3.8
82 Application Xwaver.com Magic Audio Editor Pro 10.3.1 Build 476
83 Application Xwaver.com Magic Music Studio Pro 7.0.2.1 Build 500

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Altdo Convert Mp3 Master 1
Altdo Mp3 Record And Edit Audio Master 1
Americanshareware Mp3 Wav Converter 1
Audio Edit Magic Audio Edit Magic 1
Bearshare Bearshare 1
Cdburnerxp Cdburnerxp Pro 1
Cheetahburner Cheetah Cd Burner 1
Cheetahburner Cheetah Dvd Burner 1
Code-it Softare Abasic Editor 1
Code-it Softare Wave Mp3 Editor 1
Dandans Digital Media Products Easy Audio Editor 1
Dandans Digital Media Products Full Audio Converter 1
Dandans Digital Media Products Music Editing Master 1
Dandans Digital Media Products Visual Video Converter 1
Digital Borneo Audio Mixer And Editor 1
Easy Ringtone Maker Easy Ringtone Maker 1
Expstudio Audio Editor 1
Iaudiosoft.com Absolute Mp3 Splitter 1
Iaudiosoft.com Absolute Sound Recorder 1
Iaudiosoft.com Absolute Video To Audio Converter 1
Imesh.com Imesh 1
J Hepple Products Fx Audio Concat 1
J Hepple Products Fx Audio Editor 1
J Hepple Products Fx Audio Tools 1
J Hepple Products Fx Magic Music 1
J Hepple Products Fx Movie Joiner 1
J Hepple Products Fx Movie Joiner And Splitter 1
J Hepple Products Fx Movie Splitter 1
J Hepple Products Fx New Sound 1
J Hepple Products Fx Video Converter 1
Joshua Mediasoft Audio Convertor Plus 1
Joshua Mediasoft Video Converter Plus 1
Magicvideosoftare Magic Audio Converter 1
Magicvideosoftare Magic Audio Recorder 1
Magicvideosoftare Magic Music Editor 1
Mcfunsoft Audio Editor 1
Mcfunsoft Audio Recorder For Free 1
Mcfunsoft Audio Studio 1
Mcfunsoft Ipod Audio Studio 1
Mcfunsoft Ipod Music Converter 1
Mcfunsoft Recording To Ipod Solution 1
Mediatox Aurora Media Workshop 1
Movavi Chiliburner 1
Movavi Convertmovie 1
Movavi Dvd To Ipod 1
Movavi Splitmovie 1
Movavi Suite 1
Movavi Videomessage 1
Mp3-soft Mp3 Normalizer 1
Mystik Media Products Audioedit Deluxe 1
Mystik Media Products Blaze Media Pro 1
Mystik Media Products Blaze Mediaconvert 1
Mystik Media Products Contextconvert Pro 1
Nctsoft Products Nctaudioeditor 1
Nctsoft Products Nctaudiofile2 1
Nctsoft Products Nctaudiostudio 1
Nctsoft Products Nctdialogicvoice 1
Nextlevel Systems Audio Editor Gold 1
Nextlevel Systems Audio Studio Gold 1
Quikscribe Quikscribe Player 1
Quikscribe Quikscribe Recorder 1
Recordnrip Recordnrip 1
Rmbsoft Audioconvert 1
Rmbsoft Soundedit Pro 1
Roemer Software Easy Hi-q Converter 1
Roemer Software Easy Hi-q Recorder 1
Roemer Software Free Hi-q Recorder 1
Sienzo Digital Music Mentor 1
Smart Media Systems Power Audio Editor 1
Softdiv Softare Dexster 1
Softdiv Softare Ivideomax 1
Softdiv Softare Mp3 To Wav Converter 1
Softdiv Softare Snosh 1
Softdiv Softare Videozilla 1
Virtual Cd Virtual Cd 3
Virtual Cd Virtual Cd File Server 1
Xrlly Software Arial Audio Converter 1
Xrlly Software Arial Sound Recorder 1
Xrlly Software Text To Speech Maker 1
Xwaver.com Magic Audio Editor Pro 1
Xwaver.com Magic Music Studio Pro 1

- References For CVE-2007-0018

http://secunia.com/advisories/23753
SECUNIA 23753
http://secunia.com/advisories/23795
SECUNIA 23795
http://secunia.com/advisories/25993
SECUNIA 25993
http://secunia.com/advisories/26100
SECUNIA 26100
http://secunia.com/advisories/26046
SECUNIA 26046
http://secunia.com/advisories/26101
SECUNIA 26101
http://secunia.com/advisories/28407
SECUNIA 28407
http://secunia.com/secunia_research/2007-50/advisory/
http://www.securityfocus.com/archive/1/archive/1/457936/100/200/threaded
BUGTRAQ 20070124 Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://www.securityfocus.com/archive/1/archive/1/457940/100/200/threaded
BUGTRAQ 20070124 Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow
http://www.securityfocus.com/bid/22196
BID 22196 NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability Release Date: 2008-07-31
http://www.securityfocus.com/archive/1/archive/1/457965/100/200/threaded
BUGTRAQ 20070124 Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://www.securityfocus.com/bid/23892
BID 23892 RETIRED: Musiclab BearShare NCTAudioFile2 ActiveX Control Buffer Overflow Vulnerability Release Date: 2007-05-09
http://xforce.iss.net/xforce/xfdb/31707
XF nctaudiofile2-multiple-bo(31707)
http://secunia.com/advisories/23485
SECUNIA 23485
http://secunia.com/advisories/23475
SECUNIA 23475
http://secunia.com/advisories/23493
SECUNIA 23493
http://secunia.com/advisories/23511
SECUNIA 23511
http://secunia.com/advisories/23495
SECUNIA 23495
http://secunia.com/advisories/23516
SECUNIA 23516
http://secunia.com/advisories/23532
SECUNIA 23532
http://secunia.com/advisories/23530
SECUNIA 23530
http://secunia.com/advisories/23543
SECUNIA 23543
http://secunia.com/advisories/23552
SECUNIA 23552
http://secunia.com/advisories/23551
SECUNIA 23551
http://secunia.com/advisories/23553
SECUNIA 23553
http://secunia.com/advisories/23568
SECUNIA 23568
http://secunia.com/advisories/23557
SECUNIA 23557
http://secunia.com/advisories/30406
SECUNIA 30406
http://secunia.com/advisories/30424
SECUNIA 30424
http://secunia.com/advisories/30446
SECUNIA 30446
http://secunia.com/advisories/30439
SECUNIA 30439
http://secunia.com/advisories/30447
SECUNIA 30447
http://secunia.com/advisories/30450
SECUNIA 30450
http://secunia.com/blog/6/
http://secunia.com/advisories/30459
SECUNIA 30459
http://secunia.com/secunia_research/2007-10/advisory/
http://secunia.com/secunia_research/2007-11/advisory/
http://secunia.com/secunia_research/2007-12/advisory/
http://secunia.com/secunia_research/2007-13/advisory/
http://secunia.com/secunia_research/2007-14/advisory/
http://secunia.com/secunia_research/2007-15/advisory/
http://secunia.com/secunia_research/2007-16/advisory/
http://secunia.com/secunia_research/2007-17/advisory/
http://secunia.com/secunia_research/2007-18/advisory/
http://secunia.com/secunia_research/2007-19/advisory/
http://secunia.com/secunia_research/2007-2/advisory/
http://secunia.com/secunia_research/2007-20/advisory/
http://secunia.com/secunia_research/2007-21/advisory/
http://secunia.com/secunia_research/2007-22/advisory/
http://secunia.com/secunia_research/2007-23/advisory/
http://secunia.com/secunia_research/2007-24/advisory/
http://secunia.com/secunia_research/2007-25/advisory/
http://secunia.com/secunia_research/2007-26/advisory/
http://secunia.com/secunia_research/2007-27/advisory/
http://secunia.com/secunia_research/2007-28/advisory/
http://secunia.com/secunia_research/2007-29/advisory/
http://secunia.com/secunia_research/2007-3/advisory/
http://secunia.com/secunia_research/2007-30/advisory/
http://secunia.com/secunia_research/2007-31/advisory/
http://secunia.com/secunia_research/2007-32/advisory/
http://secunia.com/secunia_research/2007-33/advisory/
http://secunia.com/secunia_research/2007-34/advisory/
http://secunia.com/secunia_research/2007-4/advisory/
http://secunia.com/secunia_research/2007-5/advisory/
http://secunia.com/secunia_research/2007-6/advisory/
http://secunia.com/secunia_research/2007-7/advisory/
http://secunia.com/secunia_research/2007-8/advisory/
http://secunia.com/secunia_research/2007-9/advisory/
http://www.frsirt.com/english/advisories/2007/0310
VUPEN ADV-2007-0310
http://www.kb.cert.org/vuls/id/292713
CERT-VN VU#292713
http://secunia.com/advisories/23745
SECUNIA 23745
http://secunia.com/advisories/23565
SECUNIA 23565
http://secunia.com/advisories/23562
SECUNIA 23562
http://secunia.com/advisories/23561
SECUNIA 23561
http://secunia.com/advisories/23560
SECUNIA 23560
http://secunia.com/advisories/23558
SECUNIA 23558
http://secunia.com/advisories/23554
SECUNIA 23554
http://secunia.com/advisories/23550
SECUNIA 23550
http://secunia.com/advisories/23548
SECUNIA 23548
http://secunia.com/advisories/23546
SECUNIA 23546
http://secunia.com/advisories/23544
SECUNIA 23544
http://secunia.com/advisories/23542
SECUNIA 23542
http://secunia.com/advisories/23541
SECUNIA 23541
http://secunia.com/advisories/23536
SECUNIA 23536
http://secunia.com/advisories/23535
SECUNIA 23535
http://secunia.com/advisories/23534
SECUNIA 23534
http://secunia.com/advisories/22922
SECUNIA 22922

- Metasploit Modules Related To CVE-2007-0018

There are no Metasploit modules related to this vulnerability (please visit www.metasploit.com for more information).

