Vulnerability Description
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Burnaware Technologies | Burnaware | 2.1.3 |
| Impressum | Cdburnerxp | 4.2.1.976 |
| Numedia Soft | Numedia Dvd Burning Sdk | 1.008 |
Related Weaknesses (CWE)
References
- http://retrogod.altervista.org/9sg_numedia_xpl.htmlExploit
- http://secunia.com/advisories/31936Vendor Advisory
- http://secunia.com/advisories/31949Vendor Advisory
- http://secunia.com/advisories/31950Vendor Advisory
- http://secunia.com/advisories/32455Vendor Advisory
- http://www.securityfocus.com/archive/1/497831/100/0/threaded
- http://www.securityfocus.com/bid/31374Exploit
- http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcqExploitURL Repurposed
- http://www.vupen.com/english/advisories/2008/2663Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
- https://www.exploit-db.com/exploits/6491
- http://retrogod.altervista.org/9sg_numedia_xpl.htmlExploit
- http://secunia.com/advisories/31936Vendor Advisory
- http://secunia.com/advisories/31949Vendor Advisory
- http://secunia.com/advisories/31950Vendor Advisory
FAQ
What is CVE-2008-4342?
CVE-2008-4342 is a vulnerability with a CVSS score of 9.3 (HIGH). NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, ...
How severe is CVE-2008-4342?
CVE-2008-4342 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4342?
Check the references section above for vendor advisories and patch information. Affected products include: Burnaware Technologies Burnaware, Impressum Cdburnerxp, Numedia Soft Numedia Dvd Burning Sdk.