HIGH · 9.3

CVE-2007-0018

Vulnerability Description

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Maker and Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

CVSS Score

9.3 HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor | Product | Versions
Altdo | Convert Mp3 Master | 1.1
Altdo | Mp3 Record And Edit Audio Master | 1.2
Americanshareware | Mp3 Wav Converter | 3.1.8
Audio Edit Magic | Audio Edit Magic | 9.2.3_389
Bearshare | Bearshare | 6.0.2.26789
Cdburnerxp | Cdburnerxp Pro | 3.0.116
Cheetahburner | Cheetah Cd Burner | 3.56
Cheetahburner | Cheetah Dvd Burner | 1.79
Code-It Softare | Abasic Editor | 10.1
Code-It Softare | Wave Mp3 Editor | 10.1
Dandans Digital Media Products | Easy Audio Editor | 7.4
Dandans Digital Media Products | Full Audio Converter | 4.2
Dandans Digital Media Products | Music Editing Master | 5.2
Dandans Digital Media Products | Visual Video Converter | 4.4
Digital Borneo | Audio Mixer And Editor | 1.1.0
Easy Ringtone Maker | Easy Ringtone Maker | 2.0.5
Expstudio | Audio Editor | 4.0.2
Iaudiosoft.Com | Absolute Mp3 Splitter | 2.5.4
Iaudiosoft.Com | Absolute Sound Recorder | 3.4.5
Iaudiosoft.Com | Absolute Video To Audio Converter | 2.7.9
