CVE-2007-0018 - OpenCVE

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Altdo	Convert Mp3 Master Mp3 Record And Edit Audio Master
Americanshareware	Mp3 Wav Converter
Audio Edit Magic	Audio Edit Magic
Bearshare	Bearshare
Cdburnerxp	Cdburnerxp Pro
Cheetahburner	Cheetah Cd Burner Cheetah Dvd Burner
Code-it Softare	Abasic Editor Wave Mp3 Editor
Dandans Digital Media Products	Easy Audio Editor Full Audio Converter Music Editing Master Visual Video Converter
Digital Borneo	Audio Mixer And Editor
Easy Ringtone Maker	Easy Ringtone Maker
Expstudio	Audio Editor
Iaudiosoft.com	Absolute Mp3 Splitter Absolute Sound Recorder Absolute Video To Audio Converter
Imesh.com	Imesh
J Hepple Products	Fx Audio Concat Fx Audio Editor Fx Audio Tools Fx Magic Music Fx Movie Joiner Fx Movie Joiner And Splitter Fx Movie Splitter Fx New Sound Fx Video Converter
Joshua Mediasoft	Audio Convertor Plus Video Converter Plus
Magicvideosoftare	Magic Audio Converter Magic Audio Recorder Magic Music Editor
Mcfunsoft	Audio Editor Audio Recorder For Free Audio Studio Ipod Audio Studio Ipod Music Converter Recording To Ipod Solution
Mediatox	Aurora Media Workshop
Movavi	Chiliburner Convertmovie Dvd To Ipod Splitmovie Suite Videomessage
Mp3-soft	Mp3 Normalizer
Mystik Media Products	Audioedit Deluxe Blaze Media Pro Blaze Mediaconvert Contextconvert Pro
Nctsoft Products	Nctaudioeditor Nctaudiofile2 Nctaudiostudio Nctdialogicvoice
Nextlevel Systems	Audio Editor Gold Audio Studio Gold
Quikscribe	Quikscribe Player Quikscribe Recorder
Recordnrip	Recordnrip
Rmbsoft	Audioconvert Soundedit Pro
Roemer Software	Easy Hi-q Converter Easy Hi-q Recorder Free Hi-q Recorder
Sienzo	Digital Music Mentor
Smart Media Systems	Power Audio Editor
Softdiv Softare	Dexster Ivideomax Mp3 To Wav Converter Snosh Videozilla
Virtual Cd	Virtual Cd Virtual Cd File Server
Xrlly Software	Arial Audio Converter Arial Sound Recorder Text To Speech Maker
Xwaver.com	Magic Audio Editor Pro Magic Music Studio Pro

Configuration 1 [-]

OR	cpe:2.3:a:altdo:convert_mp3_master:1.1:::::::*
	cpe:2.3:a:altdo:mp3_record_and_edit_audio_master:1.2:::::::*
	cpe:2.3:a:americanshareware:mp3_wav_converter:3.1.8:::::::*
	cpe:2.3:a:audio_edit_magic:audio_edit_magic:9.2.3_389:::::::*
	cpe:2.3:a:bearshare:bearshare:6.0.2.26789:::::::*
	cpe:2.3:a:cdburnerxp:cdburnerxp_pro:3.0.116:::::::*
	cpe:2.3:a:cheetahburner:cheetah_cd_burner:3.56:::::::*
	cpe:2.3:a:cheetahburner:cheetah_dvd_burner:1.79:::::::*
	cpe:2.3:a:code-it_softare:abasic_editor:10.1:::::::*
	cpe:2.3:a:code-it_softare:wave_mp3_editor:10.1:::::::*
	cpe:2.3:a:dandans_digital_media_products:easy_audio_editor:7.4:::::::*
	cpe:2.3:a:dandans_digital_media_products:full_audio_converter:4.2:::::::*
	cpe:2.3:a:dandans_digital_media_products:music_editing_master:5.2:::::::*
	cpe:2.3:a:dandans_digital_media_products:visual_video_converter:4.4:::::::*
	cpe:2.3:a:digital_borneo:audio_mixer_and_editor:1.1.0:::::::*
	cpe:2.3:a:easy_ringtone_maker:easy_ringtone_maker:2.0.5:::::::*
	cpe:2.3:a:expstudio:audio_editor:4.0.2:::::::*
	cpe:2.3:a:iaudiosoft.com:absolute_mp3_splitter:2.5.4:::::::*
	cpe:2.3:a:iaudiosoft.com:absolute_sound_recorder:3.4.5:::::::*
	cpe:2.3:a:iaudiosoft.com:absolute_video_to_audio_converter:2.7.9:::::::*
	cpe:2.3:a:imesh.com:imesh:7.0.2.26789:::::::*
	cpe:2.3:a:j_hepple_products:fx_audio_concat:1.2.0_beta:::::::*
	cpe:2.3:a:j_hepple_products:fx_audio_editor:4.7.11:::::::*
	cpe:2.3:a:j_hepple_products:fx_audio_tools:7.3.4:::::::*
	cpe:2.3:a:j_hepple_products:fx_magic_music:5.7.7:::::::*
	cpe:2.3:a:j_hepple_products:fx_movie_joiner:6.2.8:::::::*
	cpe:2.3:a:j_hepple_products:fx_movie_joiner_and_splitter:6.2.8:::::::*
	cpe:2.3:a:j_hepple_products:fx_movie_splitter:6.4.7:::::::*
	cpe:2.3:a:j_hepple_products:fx_new_sound:5.1.1:::::::*
	cpe:2.3:a:j_hepple_products:fx_video_converter:7.51.21:::::::*
	cpe:2.3:a:joshua_mediasoft:audio_convertor_plus:2.2:::::::*
	cpe:2.3:a:joshua_mediasoft:video_converter_plus:3.01:::::::*
	cpe:2.3:a:magicvideosoftare:magic_audio_converter:8.2.6_build_719:::::::*
	cpe:2.3:a:magicvideosoftare:magic_audio_recorder:5.3.7:::::::*
	cpe:2.3:a:magicvideosoftare:magic_music_editor:5.2.2:::::::*
	cpe:2.3:a:mcfunsoft:audio_editor:6.3.3_build_489:::::::*
	cpe:2.3:a:mcfunsoft:audio_recorder_for_free:6.1:::::::*
	cpe:2.3:a:mcfunsoft:audio_studio:6.6.3_build_479:::::::*
	cpe:2.3:a:mcfunsoft:ipod_audio_studio:6.2.4:::::::*
	cpe:2.3:a:mcfunsoft:ipod_music_converter:5.1:::::::*
	cpe:2.3:a:mcfunsoft:recording_to_ipod_solution:5.1:::::::*
	cpe:2.3:a:mediatox:aurora_media_workshop:3.3.25:::::::*
	cpe:2.3:a:movavi:chiliburner:2.3:::::::*
	cpe:2.3:a:movavi:convertmovie:4.4:::::::*
	cpe:2.3:a:movavi:dvd_to_ipod:1.0:::::::*
	cpe:2.3:a:movavi:splitmovie:1.4:::::::*
	cpe:2.3:a:movavi:suite:3.5:::::::*
	cpe:2.3:a:movavi:videomessage:1.0:::::::*
	cpe:2.3:a:mp3-soft:mp3_normalizer:1.03:::::::*
	cpe:2.3:a:mystik_media_products:audioedit_deluxe:4.10:::::::*
	cpe:2.3:a:mystik_media_products:blaze_media_pro:7.0:::::::*
	cpe:2.3:a:mystik_media_products:blaze_mediaconvert:3.4:::::::*
	cpe:2.3:a:mystik_media_products:contextconvert_pro:3.1:::::::*
	cpe:2.3:a:nctsoft_products:nctaudioeditor:2.7.1:::::::*
	cpe:2.3:a:nctsoft_products:nctaudiofile2::::::::
	cpe:2.3:a:nctsoft_products:nctaudiostudio:2.7.1:::::::*
	cpe:2.3:a:nctsoft_products:nctdialogicvoice:2.7.1:::::::*
	cpe:2.3:a:nextlevel_systems:audio_editor_gold:9.2.5_build_424:::::::*
	cpe:2.3:a:nextlevel_systems:audio_studio_gold:7.0.1.1_build_500:::::::*
	cpe:2.3:a:quikscribe:quikscribe_player:5.022.05:::::::*
	cpe:2.3:a:quikscribe:quikscribe_recorder:5.021.29:::::::*
	cpe:2.3:a:recordnrip:recordnrip:1.0:::::::*
	cpe:2.3:a:rmbsoft:audioconvert:3.1.0.125:::::::*
	cpe:2.3:a:rmbsoft:soundedit_pro:2.1:::::::*
cpe:2.3:a:roemer_software:easy_hi-q_converter:1.7:::::::*
cpe:2.3:a:roemer_software:easy_hi-q_recorder:2.0:::::::*
cpe:2.3:a:roemer_software:free_hi-q_recorder:1.9:::::::*
cpe:2.3:a:sienzo:digital_music_mentor:2.6.0.3:::::::*
cpe:2.3:a:smart_media_systems:power_audio_editor:11.0.1:::::::*
cpe:2.3:a:softdiv_softare:dexster:3.0:::::::*
cpe:2.3:a:softdiv_softare:ivideomax:3.9:::::::*
cpe:2.3:a:softdiv_softare:mp3_to_wav_converter:3.0:::::::*
cpe:2.3:a:softdiv_softare:snosh:1.4:::::::*
cpe:2.3:a:softdiv_softare:videozilla:2.5:::::::*
cpe:2.3:a:virtual_cd:virtual_cd:6.0.0.7:::::::*
cpe:2.3:a:virtual_cd:virtual_cd:7.1.0.2:::::::*
cpe:2.3:a:virtual_cd:virtual_cd:8.0.0.6:::::::*
cpe:2.3:a:virtual_cd:virtual_cd_file_server:7.1.0.3:::::::*
cpe:2.3:a:xrlly_software:arial_audio_converter:2.3.40:::::::*
cpe:2.3:a:xrlly_software:arial_sound_recorder:1.4.3:::::::*
cpe:2.3:a:xrlly_software:text_to_speech_maker:1.3.8:::::::*
cpe:2.3:a:xwaver.com:magic_audio_editor_pro:10.3.1_build_476:::::::*
cpe:2.3:a:xwaver.com:magic_music_studio_pro:7.0.2.1_build_500:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/22922
http://secunia.com/advisories/23475
http://secunia.com/advisories/23485
http://secunia.com/advisories/23493
http://secunia.com/advisories/23495
http://secunia.com/advisories/23511
http://secunia.com/advisories/23516
http://secunia.com/advisories/23530
http://secunia.com/advisories/23532
http://secunia.com/advisories/23534
http://secunia.com/advisories/23535
http://secunia.com/advisories/23536
http://secunia.com/advisories/23541
http://secunia.com/advisories/23542
http://secunia.com/advisories/23543
http://secunia.com/advisories/23544
http://secunia.com/advisories/23546
http://secunia.com/advisories/23548
http://secunia.com/advisories/23550
http://secunia.com/advisories/23551
http://secunia.com/advisories/23552
http://secunia.com/advisories/23553
http://secunia.com/advisories/23554
http://secunia.com/advisories/23557
http://secunia.com/advisories/23558
http://secunia.com/advisories/23560
http://secunia.com/advisories/23561
http://secunia.com/advisories/23562
http://secunia.com/advisories/23565
http://secunia.com/advisories/23568
http://secunia.com/advisories/23745
http://secunia.com/advisories/23753
http://secunia.com/advisories/23795
http://secunia.com/advisories/25993
http://secunia.com/advisories/26046
http://secunia.com/advisories/26100
http://secunia.com/advisories/26101
http://secunia.com/advisories/28407
http://secunia.com/advisories/30406
http://secunia.com/advisories/30424
http://secunia.com/advisories/30439
http://secunia.com/advisories/30446
http://secunia.com/advisories/30447
http://secunia.com/advisories/30450
http://secunia.com/advisories/30459
http://secunia.com/blog/6/
http://secunia.com/secunia_research/2007-10/advisory/
http://secunia.com/secunia_research/2007-11/advisory/
http://secunia.com/secunia_research/2007-12/advisory/
http://secunia.com/secunia_research/2007-13/advisory/
http://secunia.com/secunia_research/2007-14/advisory/
http://secunia.com/secunia_research/2007-15/advisory/
http://secunia.com/secunia_research/2007-16/advisory/
http://secunia.com/secunia_research/2007-17/advisory/
http://secunia.com/secunia_research/2007-18/advisory/
http://secunia.com/secunia_research/2007-19/advisory/
http://secunia.com/secunia_research/2007-2/advisory/
http://secunia.com/secunia_research/2007-20/advisory/
http://secunia.com/secunia_research/2007-21/advisory/
http://secunia.com/secunia_research/2007-22/advisory/
http://secunia.com/secunia_research/2007-23/advisory/
http://secunia.com/secunia_research/2007-24/advisory/
http://secunia.com/secunia_research/2007-25/advisory/
http://secunia.com/secunia_research/2007-26/advisory/
http://secunia.com/secunia_research/2007-27/advisory/
http://secunia.com/secunia_research/2007-28/advisory/
http://secunia.com/secunia_research/2007-29/advisory/
http://secunia.com/secunia_research/2007-3/advisory/
http://secunia.com/secunia_research/2007-30/advisory/
http://secunia.com/secunia_research/2007-31/advisory/
http://secunia.com/secunia_research/2007-32/advisory/
http://secunia.com/secunia_research/2007-33/advisory/
http://secunia.com/secunia_research/2007-34/advisory/
http://secunia.com/secunia_research/2007-4/advisory/
http://secunia.com/secunia_research/2007-5/advisory/
http://secunia.com/secunia_research/2007-50/advisory/
http://secunia.com/secunia_research/2007-6/advisory/
http://secunia.com/secunia_research/2007-7/advisory/
http://secunia.com/secunia_research/2007-8/advisory/
http://secunia.com/secunia_research/2007-9/advisory/
http://www.kb.cert.org/vuls/id/292713
http://www.securityfocus.com/archive/1/457936/100/200/threaded
http://www.securityfocus.com/archive/1/457940/100/200/threaded
http://www.securityfocus.com/archive/1/457965/100/200/threaded
http://www.securityfocus.com/bid/22196
http://www.securityfocus.com/bid/23892
http://www.vupen.com/english/advisories/2007/0310
https://exchange.xforce.ibmcloud.com/vulnerabilities/31707

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2007-01-24T21:00:00

Updated: 2024-08-07T12:03:36.587Z

Reserved: 2007-01-02T00:00:00

Link: CVE-2007-0018

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-01-24T21:28:00.000

Modified: 2018-10-16T16:30:18.023

Link: CVE-2007-0018

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object