National Vulnerability Database


CVE-2007-0018 Detail

Current Description

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Maker and Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

Source: MITRE

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 9.3 HIGH
Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional Information:
Victim must voluntarily interact with attack mechanism
Provides administrator access
Allows unauthorized disclosure of information
Allows disruption of service

References to Advisories, Solutions, and Tools

Hyperlink Resource
http://www.kb.cert.org/vuls/id/292713 US Government Resource
http://www.securityfocus.com/archive/1/457936/100/200/threaded
http://www.securityfocus.com/archive/1/457940/100/200/threaded
http://www.securityfocus.com/archive/1/457965/100/200/threaded
http://www.securityfocus.com/bid/22196
http://www.securityfocus.com/bid/23892
http://www.vupen.com/english/advisories/2007/0310
https://exchange.xforce.ibmcloud.com/vulnerabilities/31707

Technical Details

Vulnerability Type

  • Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)

Known Affected Software Configurations

Configuration 1
 cpe:2.3:a:altdo:convert_mp3_master:1.1:*:*:*:*:*:*:*
 cpe:2.3:a:altdo:mp3_record_and_edit_audio_master:1.2:*:*:*:*:*:*:*
 cpe:2.3:a:americanshareware:mp3_wav_converter:3.1.8:*:*:*:*:*:*:*
 cpe:2.3:a:audio_edit_magic:audio_edit_magic:9.2.3_389:*:*:*:*:*:*:*
 cpe:2.3:a:bearshare:bearshare:6.0.2.26789:*:*:*:*:*:*:*
 cpe:2.3:a:cdburnerxp:cdburnerxp_pro:3.0.116:*:*:*:*:*:*:*
 cpe:2.3:a:cheetahburner:cheetah_cd_burner:3.56:*:*:*:*:*:*:*
 cpe:2.3:a:cheetahburner:cheetah_dvd_burner:1.79:*:*:*:*:*:*:*
 cpe:2.3:a:code-it_softare:abasic_editor:10.1:*:*:*:*:*:*:*
 cpe:2.3:a:code-it_softare:wave_mp3_editor:10.1:*:*:*:*:*:*:*
 cpe:2.3:a:dandans_digital_media_products:easy_audio_editor:7.4:*:*:*:*:*:*:*
 cpe:2.3:a:dandans_digital_media_products:full_audio_converter:4.2:*:*:*:*:*:*:*
 cpe:2.3:a:dandans_digital_media_products:music_editing_master:5.2:*:*:*:*:*:*:*
 cpe:2.3:a:dandans_digital_media_products:visual_video_converter:4.4:*:*:*:*:*:*:*
 cpe:2.3:a:digital_borneo:audio_mixer_and_editor:1.1.0:*:*:*:*:*:*:*
 cpe:2.3:a:easy_ringtone_maker:easy_ringtone_maker:2.0.5:*:*:*:*:*:*:*
 cpe:2.3:a:expstudio:audio_editor:4.0.2:*:*:*:*:*:*:*
 cpe:2.3:a:iaudiosoft.com:absolute_mp3_splitter:2.5.4:*:*:*:*:*:*:*
 cpe:2.3:a:iaudiosoft.com:absolute_sound_recorder:3.4.5:*:*:*:*:*:*:*
 cpe:2.3:a:iaudiosoft.com:absolute_video_to_audio_converter:2.7.9:*:*:*:*:*:*:*
 cpe:2.3:a:imesh.com:imesh:7.0.2.26789:*:*:*:*:*:*:*
 cpe:2.3:a:j_hepple_products:fx_audio_concat:1.2.0_beta:*:*:*:*:*:*:*
 cpe:2.3:a:j_hepple_products:fx_audio_editor:4.7.11:*:*:*:*:*:*:*
 cpe:2.3:a:j_hepple_products:fx_audio_tools:7.3.4:*:*:*:*:*:*:*
 cpe:2.3:a:j_hepple_products:fx_magic_music:5.7.7:*:*:*:*:*:*:*
 cpe:2.3:a:j_hepple_products:fx_movie_joiner:6.2.8:*:*:*:*:*:*:*
 cpe:2.3:a:j_hepple_products:fx_movie_joiner_and_splitter:6.2.8:*:*:*:*:*:*:*
 cpe:2.3:a:j_hepple_products:fx_movie_splitter:6.4.7:*:*:*:*:*:*:*
 cpe:2.3:a:j_hepple_products:fx_new_sound:5.1.1:*:*:*:*:*:*:*
 cpe:2.3:a:j_hepple_products:fx_video_converter:7.51.21:*:*:*:*:*:*:*
 cpe:2.3:a:joshua_mediasoft:audio_convertor_plus:2.2:*:*:*:*:*:*:*
 cpe:2.3:a:joshua_mediasoft:video_converter_plus:3.01:*:*:*:*:*:*:*
 cpe:2.3:a:magicvideosoftare:magic_audio_converter:8.2.6_build_719:*:*:*:*:*:*:*
 cpe:2.3:a:magicvideosoftare:magic_audio_recorder:5.3.7:*:*:*:*:*:*:*
 cpe:2.3:a:magicvideosoftare:magic_music_editor:5.2.2:*:*:*:*:*:*:*
 cpe:2.3:a:mcfunsoft:audio_editor:6.3.3_build_489:*:*:*:*:*:*:*
 cpe:2.3:a:mcfunsoft:audio_recorder_for_free:6.1:*:*:*:*:*:*:*
 cpe:2.3:a:mcfunsoft:audio_studio:6.6.3_build_479:*:*:*:*:*:*:*
 cpe:2.3:a:mcfunsoft:ipod_audio_studio:6.2.4:*:*:*:*:*:*:*
 cpe:2.3:a:mcfunsoft:ipod_music_converter:5.1:*:*:*:*:*:*:*
 cpe:2.3:a:mcfunsoft:recording_to_ipod_solution:5.1:*:*:*:*:*:*:*
 cpe:2.3:a:mediatox:aurora_media_workshop:3.3.25:*:*:*:*:*:*:*
 cpe:2.3:a:movavi:chiliburner:2.3:*:*:*:*:*:*:*
 cpe:2.3:a:movavi:convertmovie:4.4:*:*:*:*:*:*:*
 cpe:2.3:a:movavi:dvd_to_ipod:1.0:*:*:*:*:*:*:*
 cpe:2.3:a:movavi:splitmovie:1.4:*:*:*:*:*:*:*
 cpe:2.3:a:movavi:suite:3.5:*:*:*:*:*:*:*
 cpe:2.3:a:movavi:videomessage:1.0:*:*:*:*:*:*:*
 cpe:2.3:a:mp3-soft:mp3_normalizer:1.03:*:*:*:*:*:*:*
 cpe:2.3:a:mystik_media_products:audioedit_deluxe:4.10:*:*:*:*:*:*:*
 cpe:2.3:a:mystik_media_products:blaze_media_pro:7.0:*:*:*:*:*:*:*
 cpe:2.3:a:mystik_media_products:blaze_mediaconvert:3.4:*:*:*:*:*:*:*
 cpe:2.3:a:mystik_media_products:contextconvert_pro:3.1:*:*:*:*:*:*:*
 cpe:2.3:a:nctsoft_products:nctaudioeditor:2.7.1:*:*:*:*:*:*:*
 cpe:2.3:a:nctsoft_products:nctaudiofile2:*:*:*:*:*:*:*:*
 cpe:2.3:a:nctsoft_products:nctaudiostudio:2.7.1:*:*:*:*:*:*:*
 cpe:2.3:a:nctsoft_products:nctdialogicvoice:2.7.1:*:*:*:*:*:*:*
 cpe:2.3:a:nextlevel_systems:audio_editor_gold:9.2.5_build_424:*:*:*:*:*:*:*
 cpe:2.3:a:nextlevel_systems:audio_studio_gold:7.0.1.1_build_500:*:*:*:*:*:*:*
 cpe:2.3:a:quikscribe:quikscribe_player:5.022.05:*:*:*:*:*:*:*
 cpe:2.3:a:quikscribe:quikscribe_recorder:5.021.29:*:*:*:*:*:*:*
 cpe:2.3:a:recordnrip:recordnrip:1.0:*:*:*:*:*:*:*
 cpe:2.3:a:rmbsoft:audioconvert:3.1.0.125:*:*:*:*:*:*:*
 cpe:2.3:a:rmbsoft:soundedit_pro:2.1:*:*:*:*:*:*:*
 cpe:2.3:a:roemer_software:easy_hi-q_converter:1.7:*:*:*:*:*:*:*
 cpe:2.3:a:roemer_software:easy_hi-q_recorder:2.0:*:*:*:*:*:*:*
 cpe:2.3:a:roemer_software:free_hi-q_recorder:1.9:*:*:*:*:*:*:*
 cpe:2.3:a:sienzo:digital_music_mentor:2.6.0.3:*:*:*:*:*:*:*
 cpe:2.3:a:smart_media_systems:power_audio_editor:11.0.1:*:*:*:*:*:*:*
 cpe:2.3:a:softdiv_softare:dexster:3.0:*:*:*:*:*:*:*
 cpe:2.3:a:softdiv_softare:ivideomax:3.9:*:*:*:*:*:*:*
 cpe:2.3:a:softdiv_softare:mp3_to_wav_converter:3.0:*:*:*:*:*:*:*
 cpe:2.3:a:softdiv_softare:snosh:1.4:*:*:*:*:*:*:*
 cpe:2.3:a:softdiv_softare:videozilla:2.5:*:*:*:*:*:*:*
 cpe:2.3:a:virtual_cd:virtual_cd:6.0.0.7:*:*:*:*:*:*:*
 cpe:2.3:a:virtual_cd:virtual_cd:7.1.0.2:*:*:*:*:*:*:*
 cpe:2.3:a:virtual_cd:virtual_cd:8.0.0.6:*:*:*:*:*:*:*
 cpe:2.3:a:virtual_cd:virtual_cd_file_server:7.1.0.3:*:*:*:*:*:*:*
 cpe:2.3:a:xrlly_software:arial_audio_converter:2.3.40:*:*:*:*:*:*:*
 cpe:2.3:a:xrlly_software:arial_sound_recorder:1.4.3:*:*:*:*:*:*:*
 cpe:2.3:a:xrlly_software:text_to_speech_maker:1.3.8:*:*:*:*:*:*:*
 cpe:2.3:a:xwaver.com:magic_audio_editor_pro:10.3.1_build_476:*:*:*:*:*:*:*
 cpe:2.3:a:xwaver.com:magic_music_studio_pro:7.0.2.1_build_500:*:*:*:*:*:*:*


Change History

3 change records found

Quick Info

CVE Dictionary Entry: CVE-2007-0018
NVD Published Date: 01/24/2007
NVD Last Modified: 10/16/2018