CVE-2007-0018 - Vulnerability Details

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.80885.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:altdo:convert_mp3_master:1.1:::::::*
	cpe:2.3:a:altdo:mp3_record_and_edit_audio_master:1.2:::::::*
	cpe:2.3:a:americanshareware:mp3_wav_converter:3.1.8:::::::*
	cpe:2.3:a:audio_edit_magic:audio_edit_magic:9.2.3_389:::::::*
	cpe:2.3:a:bearshare:bearshare:6.0.2.26789:::::::*
	cpe:2.3:a:cdburnerxp:cdburnerxp_pro:3.0.116:::::::*
	cpe:2.3:a:cheetahburner:cheetah_cd_burner:3.56:::::::*
	cpe:2.3:a:cheetahburner:cheetah_dvd_burner:1.79:::::::*
	cpe:2.3:a:code-it_softare:abasic_editor:10.1:::::::*
	cpe:2.3:a:code-it_softare:wave_mp3_editor:10.1:::::::*
	cpe:2.3:a:dandans_digital_media_products:easy_audio_editor:7.4:::::::*
	cpe:2.3:a:dandans_digital_media_products:full_audio_converter:4.2:::::::*
	cpe:2.3:a:dandans_digital_media_products:music_editing_master:5.2:::::::*
	cpe:2.3:a:dandans_digital_media_products:visual_video_converter:4.4:::::::*
	cpe:2.3:a:digital_borneo:audio_mixer_and_editor:1.1.0:::::::*
	cpe:2.3:a:easy_ringtone_maker:easy_ringtone_maker:2.0.5:::::::*
	cpe:2.3:a:expstudio:audio_editor:4.0.2:::::::*
	cpe:2.3:a:iaudiosoft.com:absolute_mp3_splitter:2.5.4:::::::*
	cpe:2.3:a:iaudiosoft.com:absolute_sound_recorder:3.4.5:::::::*
	cpe:2.3:a:iaudiosoft.com:absolute_video_to_audio_converter:2.7.9:::::::*
	cpe:2.3:a:imesh.com:imesh:7.0.2.26789:::::::*
	cpe:2.3:a:j_hepple_products:fx_audio_concat:1.2.0_beta:::::::*
	cpe:2.3:a:j_hepple_products:fx_audio_editor:4.7.11:::::::*
	cpe:2.3:a:j_hepple_products:fx_audio_tools:7.3.4:::::::*
	cpe:2.3:a:j_hepple_products:fx_magic_music:5.7.7:::::::*
	cpe:2.3:a:j_hepple_products:fx_movie_joiner:6.2.8:::::::*
	cpe:2.3:a:j_hepple_products:fx_movie_joiner_and_splitter:6.2.8:::::::*
	cpe:2.3:a:j_hepple_products:fx_movie_splitter:6.4.7:::::::*
	cpe:2.3:a:j_hepple_products:fx_new_sound:5.1.1:::::::*
	cpe:2.3:a:j_hepple_products:fx_video_converter:7.51.21:::::::*
	cpe:2.3:a:joshua_mediasoft:audio_convertor_plus:2.2:::::::*
	cpe:2.3:a:joshua_mediasoft:video_converter_plus:3.01:::::::*
	cpe:2.3:a:magicvideosoftare:magic_audio_converter:8.2.6_build_719:::::::*
	cpe:2.3:a:magicvideosoftare:magic_audio_recorder:5.3.7:::::::*
	cpe:2.3:a:magicvideosoftare:magic_music_editor:5.2.2:::::::*
	cpe:2.3:a:mcfunsoft:audio_editor:6.3.3_build_489:::::::*
	cpe:2.3:a:mcfunsoft:audio_recorder_for_free:6.1:::::::*
	cpe:2.3:a:mcfunsoft:audio_studio:6.6.3_build_479:::::::*
	cpe:2.3:a:mcfunsoft:ipod_audio_studio:6.2.4:::::::*
	cpe:2.3:a:mcfunsoft:ipod_music_converter:5.1:::::::*
	cpe:2.3:a:mcfunsoft:recording_to_ipod_solution:5.1:::::::*
	cpe:2.3:a:mediatox:aurora_media_workshop:3.3.25:::::::*
	cpe:2.3:a:movavi:chiliburner:2.3:::::::*
	cpe:2.3:a:movavi:convertmovie:4.4:::::::*
	cpe:2.3:a:movavi:dvd_to_ipod:1.0:::::::*
	cpe:2.3:a:movavi:splitmovie:1.4:::::::*
	cpe:2.3:a:movavi:suite:3.5:::::::*
	cpe:2.3:a:movavi:videomessage:1.0:::::::*
	cpe:2.3:a:mp3-soft:mp3_normalizer:1.03:::::::*
	cpe:2.3:a:mystik_media_products:audioedit_deluxe:4.10:::::::*
	cpe:2.3:a:mystik_media_products:blaze_media_pro:7.0:::::::*
	cpe:2.3:a:mystik_media_products:blaze_mediaconvert:3.4:::::::*
	cpe:2.3:a:mystik_media_products:contextconvert_pro:3.1:::::::*
	cpe:2.3:a:nctsoft_products:nctaudioeditor:2.7.1:::::::*
	cpe:2.3:a:nctsoft_products:nctaudiofile2::::::::
	cpe:2.3:a:nctsoft_products:nctaudiostudio:2.7.1:::::::*
	cpe:2.3:a:nctsoft_products:nctdialogicvoice:2.7.1:::::::*
	cpe:2.3:a:nextlevel_systems:audio_editor_gold:9.2.5_build_424:::::::*
	cpe:2.3:a:nextlevel_systems:audio_studio_gold:7.0.1.1_build_500:::::::*
	cpe:2.3:a:quikscribe:quikscribe_player:5.022.05:::::::*
	cpe:2.3:a:quikscribe:quikscribe_recorder:5.021.29:::::::*
	cpe:2.3:a:recordnrip:recordnrip:1.0:::::::*
	cpe:2.3:a:rmbsoft:audioconvert:3.1.0.125:::::::*
	cpe:2.3:a:rmbsoft:soundedit_pro:2.1:::::::*
cpe:2.3:a:roemer_software:easy_hi-q_converter:1.7:::::::*
cpe:2.3:a:roemer_software:easy_hi-q_recorder:2.0:::::::*
cpe:2.3:a:roemer_software:free_hi-q_recorder:1.9:::::::*
cpe:2.3:a:sienzo:digital_music_mentor:2.6.0.3:::::::*
cpe:2.3:a:smart_media_systems:power_audio_editor:11.0.1:::::::*
cpe:2.3:a:softdiv_softare:dexster:3.0:::::::*
cpe:2.3:a:softdiv_softare:ivideomax:3.9:::::::*
cpe:2.3:a:softdiv_softare:mp3_to_wav_converter:3.0:::::::*
cpe:2.3:a:softdiv_softare:snosh:1.4:::::::*
cpe:2.3:a:softdiv_softare:videozilla:2.5:::::::*
cpe:2.3:a:virtual_cd:virtual_cd:6.0.0.7:::::::*
cpe:2.3:a:virtual_cd:virtual_cd:7.1.0.2:::::::*
cpe:2.3:a:virtual_cd:virtual_cd:8.0.0.6:::::::*
cpe:2.3:a:virtual_cd:virtual_cd_file_server:7.1.0.3:::::::*
cpe:2.3:a:xrlly_software:arial_audio_converter:2.3.40:::::::*
cpe:2.3:a:xrlly_software:arial_sound_recorder:1.4.3:::::::*
cpe:2.3:a:xrlly_software:text_to_speech_maker:1.3.8:::::::*
cpe:2.3:a:xwaver.com:magic_audio_editor_pro:10.3.1_build_476:::::::*
cpe:2.3:a:xwaver.com:magic_music_studio_pro:7.0.2.1_build_500:::::::*

No data.

Project Subscriptions

Vendors	Products
Altdo Subscribe	Convert Mp3 Master Subscribe Mp3 Record And Edit Audio Master Subscribe
Americanshareware Subscribe	Mp3 Wav Converter Subscribe
Audio Edit Magic Subscribe	Audio Edit Magic Subscribe
Bearshare Subscribe	Bearshare Subscribe
Cdburnerxp Subscribe	Cdburnerxp Pro Subscribe
Cheetahburner Subscribe	Cheetah Cd Burner Subscribe Cheetah Dvd Burner Subscribe
Code-it Softare Subscribe	Abasic Editor Subscribe Wave Mp3 Editor Subscribe
Dandans Digital Media Products Subscribe	Easy Audio Editor Subscribe Full Audio Converter Subscribe Music Editing Master Subscribe Visual Video Converter Subscribe
Digital Borneo Subscribe	Audio Mixer And Editor Subscribe
Easy Ringtone Maker Subscribe	Easy Ringtone Maker Subscribe
Expstudio Subscribe	Audio Editor Subscribe
Iaudiosoft.com Subscribe	Absolute Mp3 Splitter Subscribe Absolute Sound Recorder Subscribe Absolute Video To Audio Converter Subscribe
Imesh.com Subscribe	Imesh Subscribe
J Hepple Products Subscribe	Fx Audio Concat Subscribe Fx Audio Editor Subscribe Fx Audio Tools Subscribe Fx Magic Music Subscribe Fx Movie Joiner Subscribe Fx Movie Joiner And Splitter Subscribe Fx Movie Splitter Subscribe Fx New Sound Subscribe Fx Video Converter Subscribe
Joshua Mediasoft Subscribe	Audio Convertor Plus Subscribe Video Converter Plus Subscribe
Magicvideosoftare Subscribe	Magic Audio Converter Subscribe Magic Audio Recorder Subscribe Magic Music Editor Subscribe
Mcfunsoft Subscribe	Audio Editor Subscribe Audio Recorder For Free Subscribe Audio Studio Subscribe Ipod Audio Studio Subscribe Ipod Music Converter Subscribe Recording To Ipod Solution Subscribe
Mediatox Subscribe	Aurora Media Workshop Subscribe
Movavi Subscribe	Chiliburner Subscribe Convertmovie Subscribe Dvd To Ipod Subscribe Splitmovie Subscribe Suite Subscribe Videomessage Subscribe
Mp3-soft Subscribe	Mp3 Normalizer Subscribe
Mystik Media Products Subscribe	Audioedit Deluxe Subscribe Blaze Media Pro Subscribe Blaze Mediaconvert Subscribe Contextconvert Pro Subscribe
Nctsoft Products Subscribe	Nctaudioeditor Subscribe Nctaudiofile2 Subscribe Nctaudiostudio Subscribe Nctdialogicvoice Subscribe
Nextlevel Systems Subscribe	Audio Editor Gold Subscribe Audio Studio Gold Subscribe
Quikscribe Subscribe	Quikscribe Player Subscribe Quikscribe Recorder Subscribe
Recordnrip Subscribe	Recordnrip Subscribe
Rmbsoft Subscribe	Audioconvert Subscribe Soundedit Pro Subscribe
Roemer Software Subscribe	Easy Hi-q Converter Subscribe Easy Hi-q Recorder Subscribe Free Hi-q Recorder Subscribe
Sienzo Subscribe	Digital Music Mentor Subscribe
Smart Media Systems Subscribe	Power Audio Editor Subscribe
Softdiv Softare Subscribe	Dexster Subscribe Ivideomax Subscribe Mp3 To Wav Converter Subscribe Snosh Subscribe Videozilla Subscribe
Virtual Cd Subscribe	Virtual Cd Subscribe Virtual Cd File Server Subscribe
Xrlly Software Subscribe	Arial Audio Converter Subscribe Arial Sound Recorder Subscribe Text To Speech Maker Subscribe
Xwaver.com Subscribe	Magic Audio Editor Pro Subscribe Magic Music Studio Pro Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/22922
http://secunia.com/advisories/23475
http://secunia.com/advisories/23485
http://secunia.com/advisories/23493
http://secunia.com/advisories/23495
http://secunia.com/advisories/23511
http://secunia.com/advisories/23516
http://secunia.com/advisories/23530
http://secunia.com/advisories/23532
http://secunia.com/advisories/23534
http://secunia.com/advisories/23535
http://secunia.com/advisories/23536
http://secunia.com/advisories/23541
http://secunia.com/advisories/23542
http://secunia.com/advisories/23543
http://secunia.com/advisories/23544
http://secunia.com/advisories/23546
http://secunia.com/advisories/23548
http://secunia.com/advisories/23550
http://secunia.com/advisories/23551
http://secunia.com/advisories/23552
http://secunia.com/advisories/23553
http://secunia.com/advisories/23554
http://secunia.com/advisories/23557
http://secunia.com/advisories/23558
http://secunia.com/advisories/23560
http://secunia.com/advisories/23561
http://secunia.com/advisories/23562
http://secunia.com/advisories/23565
http://secunia.com/advisories/23568
http://secunia.com/advisories/23745
http://secunia.com/advisories/23753
http://secunia.com/advisories/23795
http://secunia.com/advisories/25993
http://secunia.com/advisories/26046
http://secunia.com/advisories/26100
http://secunia.com/advisories/26101
http://secunia.com/advisories/28407
http://secunia.com/advisories/30406
http://secunia.com/advisories/30424
http://secunia.com/advisories/30439
http://secunia.com/advisories/30446
http://secunia.com/advisories/30447
http://secunia.com/advisories/30450
http://secunia.com/advisories/30459
http://secunia.com/blog/6/
http://secunia.com/secunia_research/2007-10/advisory/
http://secunia.com/secunia_research/2007-11/advisory/
http://secunia.com/secunia_research/2007-12/advisory/
http://secunia.com/secunia_research/2007-13/advisory/
http://secunia.com/secunia_research/2007-14/advisory/
http://secunia.com/secunia_research/2007-15/advisory/
http://secunia.com/secunia_research/2007-16/advisory/
http://secunia.com/secunia_research/2007-17/advisory/
http://secunia.com/secunia_research/2007-18/advisory/
http://secunia.com/secunia_research/2007-19/advisory/
http://secunia.com/secunia_research/2007-2/advisory/
http://secunia.com/secunia_research/2007-20/advisory/
http://secunia.com/secunia_research/2007-21/advisory/
http://secunia.com/secunia_research/2007-22/advisory/
http://secunia.com/secunia_research/2007-23/advisory/
http://secunia.com/secunia_research/2007-24/advisory/
http://secunia.com/secunia_research/2007-25/advisory/
http://secunia.com/secunia_research/2007-26/advisory/
http://secunia.com/secunia_research/2007-27/advisory/
http://secunia.com/secunia_research/2007-28/advisory/
http://secunia.com/secunia_research/2007-29/advisory/
http://secunia.com/secunia_research/2007-3/advisory/
http://secunia.com/secunia_research/2007-30/advisory/
http://secunia.com/secunia_research/2007-31/advisory/
http://secunia.com/secunia_research/2007-32/advisory/
http://secunia.com/secunia_research/2007-33/advisory/
http://secunia.com/secunia_research/2007-34/advisory/
http://secunia.com/secunia_research/2007-4/advisory/
http://secunia.com/secunia_research/2007-5/advisory/
http://secunia.com/secunia_research/2007-50/advisory/
http://secunia.com/secunia_research/2007-6/advisory/
http://secunia.com/secunia_research/2007-7/advisory/
http://secunia.com/secunia_research/2007-8/advisory/
http://secunia.com/secunia_research/2007-9/advisory/
http://www.kb.cert.org/vuls/id/292713
http://www.securityfocus.com/archive/1/457936/100/200/threaded
http://www.securityfocus.com/archive/1/457940/100/200/threaded
http://www.securityfocus.com/archive/1/457965/100/200/threaded
http://www.securityfocus.com/bid/22196
http://www.securityfocus.com/bid/23892
http://www.vupen.com/english/advisories/2007/0310
https://exchange.xforce.ibmcloud.com/vulnerabilities/31707

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2007-01-25T02:00:00.000Z

Updated: 2024-08-07T12:03:36.587Z

Reserved: 2007-01-02T05:00:00.000Z

Link: CVE-2007-0018

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-24T21:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0018

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object