CVE-2007-0018 - Vulnerability Details

Description

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

Published: 2007-01-24

Score: 9.3 Critical

EPSS: 79.3% High

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:altdo:convert_mp3_master:1.1:::::::*
	cpe:2.3:a:altdo:mp3_record_and_edit_audio_master:1.2:::::::*
	cpe:2.3:a:americanshareware:mp3_wav_converter:3.1.8:::::::*
	cpe:2.3:a:audio_edit_magic:audio_edit_magic:9.2.3_389:::::::*
	cpe:2.3:a:bearshare:bearshare:6.0.2.26789:::::::*
	cpe:2.3:a:cdburnerxp:cdburnerxp_pro:3.0.116:::::::*
	cpe:2.3:a:cheetahburner:cheetah_cd_burner:3.56:::::::*
	cpe:2.3:a:cheetahburner:cheetah_dvd_burner:1.79:::::::*
	cpe:2.3:a:code-it_softare:abasic_editor:10.1:::::::*
	cpe:2.3:a:code-it_softare:wave_mp3_editor:10.1:::::::*
	cpe:2.3:a:dandans_digital_media_products:easy_audio_editor:7.4:::::::*
	cpe:2.3:a:dandans_digital_media_products:full_audio_converter:4.2:::::::*
	cpe:2.3:a:dandans_digital_media_products:music_editing_master:5.2:::::::*
	cpe:2.3:a:dandans_digital_media_products:visual_video_converter:4.4:::::::*
	cpe:2.3:a:digital_borneo:audio_mixer_and_editor:1.1.0:::::::*
	cpe:2.3:a:easy_ringtone_maker:easy_ringtone_maker:2.0.5:::::::*
	cpe:2.3:a:expstudio:audio_editor:4.0.2:::::::*
	cpe:2.3:a:iaudiosoft.com:absolute_mp3_splitter:2.5.4:::::::*
	cpe:2.3:a:iaudiosoft.com:absolute_sound_recorder:3.4.5:::::::*
	cpe:2.3:a:iaudiosoft.com:absolute_video_to_audio_converter:2.7.9:::::::*
	cpe:2.3:a:imesh.com:imesh:7.0.2.26789:::::::*
	cpe:2.3:a:j_hepple_products:fx_audio_concat:1.2.0_beta:::::::*
	cpe:2.3:a:j_hepple_products:fx_audio_editor:4.7.11:::::::*
	cpe:2.3:a:j_hepple_products:fx_audio_tools:7.3.4:::::::*
	cpe:2.3:a:j_hepple_products:fx_magic_music:5.7.7:::::::*
	cpe:2.3:a:j_hepple_products:fx_movie_joiner:6.2.8:::::::*
	cpe:2.3:a:j_hepple_products:fx_movie_joiner_and_splitter:6.2.8:::::::*
	cpe:2.3:a:j_hepple_products:fx_movie_splitter:6.4.7:::::::*
	cpe:2.3:a:j_hepple_products:fx_new_sound:5.1.1:::::::*
	cpe:2.3:a:j_hepple_products:fx_video_converter:7.51.21:::::::*
	cpe:2.3:a:joshua_mediasoft:audio_convertor_plus:2.2:::::::*
	cpe:2.3:a:joshua_mediasoft:video_converter_plus:3.01:::::::*
	cpe:2.3:a:magicvideosoftare:magic_audio_converter:8.2.6_build_719:::::::*
	cpe:2.3:a:magicvideosoftare:magic_audio_recorder:5.3.7:::::::*
	cpe:2.3:a:magicvideosoftare:magic_music_editor:5.2.2:::::::*
	cpe:2.3:a:mcfunsoft:audio_editor:6.3.3_build_489:::::::*
	cpe:2.3:a:mcfunsoft:audio_recorder_for_free:6.1:::::::*
	cpe:2.3:a:mcfunsoft:audio_studio:6.6.3_build_479:::::::*
	cpe:2.3:a:mcfunsoft:ipod_audio_studio:6.2.4:::::::*
	cpe:2.3:a:mcfunsoft:ipod_music_converter:5.1:::::::*
	cpe:2.3:a:mcfunsoft:recording_to_ipod_solution:5.1:::::::*
	cpe:2.3:a:mediatox:aurora_media_workshop:3.3.25:::::::*
	cpe:2.3:a:movavi:chiliburner:2.3:::::::*
	cpe:2.3:a:movavi:convertmovie:4.4:::::::*
	cpe:2.3:a:movavi:dvd_to_ipod:1.0:::::::*
	cpe:2.3:a:movavi:splitmovie:1.4:::::::*
	cpe:2.3:a:movavi:suite:3.5:::::::*
	cpe:2.3:a:movavi:videomessage:1.0:::::::*
	cpe:2.3:a:mp3-soft:mp3_normalizer:1.03:::::::*
	cpe:2.3:a:mystik_media_products:audioedit_deluxe:4.10:::::::*
	cpe:2.3:a:mystik_media_products:blaze_media_pro:7.0:::::::*
	cpe:2.3:a:mystik_media_products:blaze_mediaconvert:3.4:::::::*
	cpe:2.3:a:mystik_media_products:contextconvert_pro:3.1:::::::*
	cpe:2.3:a:nctsoft_products:nctaudioeditor:2.7.1:::::::*
	cpe:2.3:a:nctsoft_products:nctaudiofile2::::::::
	cpe:2.3:a:nctsoft_products:nctaudiostudio:2.7.1:::::::*
	cpe:2.3:a:nctsoft_products:nctdialogicvoice:2.7.1:::::::*
	cpe:2.3:a:nextlevel_systems:audio_editor_gold:9.2.5_build_424:::::::*
	cpe:2.3:a:nextlevel_systems:audio_studio_gold:7.0.1.1_build_500:::::::*
	cpe:2.3:a:quikscribe:quikscribe_player:5.022.05:::::::*
	cpe:2.3:a:quikscribe:quikscribe_recorder:5.021.29:::::::*
	cpe:2.3:a:recordnrip:recordnrip:1.0:::::::*
	cpe:2.3:a:rmbsoft:audioconvert:3.1.0.125:::::::*
	cpe:2.3:a:rmbsoft:soundedit_pro:2.1:::::::*
cpe:2.3:a:roemer_software:easy_hi-q_converter:1.7:::::::*
cpe:2.3:a:roemer_software:easy_hi-q_recorder:2.0:::::::*
cpe:2.3:a:roemer_software:free_hi-q_recorder:1.9:::::::*
cpe:2.3:a:sienzo:digital_music_mentor:2.6.0.3:::::::*
cpe:2.3:a:smart_media_systems:power_audio_editor:11.0.1:::::::*
cpe:2.3:a:softdiv_softare:dexster:3.0:::::::*
cpe:2.3:a:softdiv_softare:ivideomax:3.9:::::::*
cpe:2.3:a:softdiv_softare:mp3_to_wav_converter:3.0:::::::*
cpe:2.3:a:softdiv_softare:snosh:1.4:::::::*
cpe:2.3:a:softdiv_softare:videozilla:2.5:::::::*
cpe:2.3:a:virtual_cd:virtual_cd:6.0.0.7:::::::*
cpe:2.3:a:virtual_cd:virtual_cd:7.1.0.2:::::::*
cpe:2.3:a:virtual_cd:virtual_cd:8.0.0.6:::::::*
cpe:2.3:a:virtual_cd:virtual_cd_file_server:7.1.0.3:::::::*
cpe:2.3:a:xrlly_software:arial_audio_converter:2.3.40:::::::*
cpe:2.3:a:xrlly_software:arial_sound_recorder:1.4.3:::::::*
cpe:2.3:a:xrlly_software:text_to_speech_maker:1.3.8:::::::*
cpe:2.3:a:xwaver.com:magic_audio_editor_pro:10.3.1_build_476:::::::*
cpe:2.3:a:xwaver.com:magic_music_studio_pro:7.0.2.1_build_500:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.79259.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://secunia.com/advisories/22922
http://secunia.com/advisories/23475
http://secunia.com/advisories/23485
http://secunia.com/advisories/23493
http://secunia.com/advisories/23495
http://secunia.com/advisories/23511
http://secunia.com/advisories/23516
http://secunia.com/advisories/23530
http://secunia.com/advisories/23532
http://secunia.com/advisories/23534
http://secunia.com/advisories/23535
http://secunia.com/advisories/23536
http://secunia.com/advisories/23541
http://secunia.com/advisories/23542
http://secunia.com/advisories/23543
http://secunia.com/advisories/23544
http://secunia.com/advisories/23546
http://secunia.com/advisories/23548
http://secunia.com/advisories/23550
http://secunia.com/advisories/23551
http://secunia.com/advisories/23552
http://secunia.com/advisories/23553
http://secunia.com/advisories/23554
http://secunia.com/advisories/23557
http://secunia.com/advisories/23558
http://secunia.com/advisories/23560
http://secunia.com/advisories/23561
http://secunia.com/advisories/23562
http://secunia.com/advisories/23565
http://secunia.com/advisories/23568
http://secunia.com/advisories/23745
http://secunia.com/advisories/23753
http://secunia.com/advisories/23795
http://secunia.com/advisories/25993
http://secunia.com/advisories/26046
http://secunia.com/advisories/26100
http://secunia.com/advisories/26101
http://secunia.com/advisories/28407
http://secunia.com/advisories/30406
http://secunia.com/advisories/30424
http://secunia.com/advisories/30439
http://secunia.com/advisories/30446
http://secunia.com/advisories/30447
http://secunia.com/advisories/30450
http://secunia.com/advisories/30459
http://secunia.com/blog/6/
http://secunia.com/secunia_research/2007-10/advisory/
http://secunia.com/secunia_research/2007-11/advisory/
http://secunia.com/secunia_research/2007-12/advisory/
http://secunia.com/secunia_research/2007-13/advisory/
http://secunia.com/secunia_research/2007-14/advisory/
http://secunia.com/secunia_research/2007-15/advisory/
http://secunia.com/secunia_research/2007-16/advisory/
http://secunia.com/secunia_research/2007-17/advisory/
http://secunia.com/secunia_research/2007-18/advisory/
http://secunia.com/secunia_research/2007-19/advisory/
http://secunia.com/secunia_research/2007-2/advisory/
http://secunia.com/secunia_research/2007-20/advisory/
http://secunia.com/secunia_research/2007-21/advisory/
http://secunia.com/secunia_research/2007-22/advisory/
http://secunia.com/secunia_research/2007-23/advisory/
http://secunia.com/secunia_research/2007-24/advisory/
http://secunia.com/secunia_research/2007-25/advisory/
http://secunia.com/secunia_research/2007-26/advisory/
http://secunia.com/secunia_research/2007-27/advisory/
http://secunia.com/secunia_research/2007-28/advisory/
http://secunia.com/secunia_research/2007-29/advisory/
http://secunia.com/secunia_research/2007-3/advisory/
http://secunia.com/secunia_research/2007-30/advisory/
http://secunia.com/secunia_research/2007-31/advisory/
http://secunia.com/secunia_research/2007-32/advisory/
http://secunia.com/secunia_research/2007-33/advisory/
http://secunia.com/secunia_research/2007-34/advisory/
http://secunia.com/secunia_research/2007-4/advisory/
http://secunia.com/secunia_research/2007-5/advisory/
http://secunia.com/secunia_research/2007-50/advisory/
http://secunia.com/secunia_research/2007-6/advisory/
http://secunia.com/secunia_research/2007-7/advisory/
http://secunia.com/secunia_research/2007-8/advisory/
http://secunia.com/secunia_research/2007-9/advisory/
http://www.kb.cert.org/vuls/id/292713
http://www.securityfocus.com/archive/1/457936/100/200/threaded
http://www.securityfocus.com/archive/1/457940/100/200/threaded
http://www.securityfocus.com/archive/1/457965/100/200/threaded
http://www.securityfocus.com/bid/22196
http://www.securityfocus.com/bid/23892
http://www.vupen.com/english/advisories/2007/0310
https://exchange.xforce.ibmcloud.com/vulnerabilities/31707

History

No history.

Subscriptions

Altdo Convert Mp3 Master Mp3 Record And Edit Audio Master

Americanshareware Mp3 Wav Converter

Audio Edit Magic Audio Edit Magic

Bearshare Bearshare

Cdburnerxp Cdburnerxp Pro

Cheetahburner Cheetah Cd Burner Cheetah Dvd Burner

Code-it Softare Abasic Editor Wave Mp3 Editor

Dandans Digital Media Products Easy Audio Editor Full Audio Converter Music Editing Master Visual Video Converter

Digital Borneo Audio Mixer And Editor

Easy Ringtone Maker Easy Ringtone Maker

Expstudio Audio Editor

Iaudiosoft.com Absolute Mp3 Splitter Absolute Sound Recorder Absolute Video To Audio Converter

Imesh.com Imesh

J Hepple Products Fx Audio Concat Fx Audio Editor Fx Audio Tools Fx Magic Music Fx Movie Joiner Fx Movie Joiner And Splitter Fx Movie Splitter Fx New Sound Fx Video Converter

Joshua Mediasoft Audio Convertor Plus Video Converter Plus

Magicvideosoftare Magic Audio Converter Magic Audio Recorder Magic Music Editor

Mcfunsoft Audio Editor Audio Recorder For Free Audio Studio Ipod Audio Studio Ipod Music Converter Recording To Ipod Solution

Mediatox Aurora Media Workshop

Movavi Chiliburner Convertmovie Dvd To Ipod Splitmovie Suite Videomessage

Mp3-soft Mp3 Normalizer

Mystik Media Products Audioedit Deluxe Blaze Media Pro Blaze Mediaconvert Contextconvert Pro

Nctsoft Products Nctaudioeditor Nctaudiofile2 Nctaudiostudio Nctdialogicvoice

Nextlevel Systems Audio Editor Gold Audio Studio Gold

Quikscribe Quikscribe Player Quikscribe Recorder

Recordnrip Recordnrip

Rmbsoft Audioconvert Soundedit Pro

Roemer Software Easy Hi-q Converter Easy Hi-q Recorder Free Hi-q Recorder

Sienzo Digital Music Mentor

Smart Media Systems Power Audio Editor

Softdiv Softare Dexster Ivideomax Mp3 To Wav Converter Snosh Videozilla

Virtual Cd Virtual Cd Virtual Cd File Server

Xrlly Software Arial Audio Converter Arial Sound Recorder Text To Speech Maker

Xwaver.com Magic Audio Editor Pro Magic Music Studio Pro

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2007-01-24T21:00:00.000Z

Updated: 2024-08-07T12:03:36.587Z

Reserved: 2007-01-02T00:00:00.000Z

Link: CVE-2007-0018

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-24T21:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0018

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Tracking

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object