CVE-2007-0018

EPSS 72.47%
Published 24.01.2007 21:28:00
Last modified 09.04.2025 00:30:58
Source PSIRT-CNA@flexerasoftware.com
Teams watchlist Login
Open Login

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

Affected products Warnungen 0 Metrics 2 CWE 1 References 91

Data is provided by the National Vulnerability Database (NVD)

Altdo ≫ Convert Mp3 Master Version1.1

Altdo ≫ Mp3 Record And Edit Audio Master Version1.2

Americanshareware ≫ Mp3 Wav Converter Version3.1.8

Audio Edit Magic ≫ Audio Edit Magic Version9.2.3_389

Bearshare ≫ Bearshare Version6.0.2.26789

Cdburnerxp ≫ Cdburnerxp Pro Version3.0.116

Cheetahburner ≫ Cheetah Cd Burner Version3.56

Cheetahburner ≫ Cheetah Dvd Burner Version1.79

Code-it Softare ≫ Abasic Editor Version10.1

Code-it Softare ≫ Wave Mp3 Editor Version10.1

Dandans Digital Media Products ≫ Easy Audio Editor Version7.4

Dandans Digital Media Products ≫ Full Audio Converter Version4.2

Dandans Digital Media Products ≫ Music Editing Master Version5.2

Dandans Digital Media Products ≫ Visual Video Converter Version4.4

Digital Borneo ≫ Audio Mixer And Editor Version1.1.0

Easy Ringtone Maker ≫ Easy Ringtone Maker Version2.0.5

Expstudio ≫ Audio Editor Version4.0.2

Iaudiosoft.Com ≫ Absolute Mp3 Splitter Version2.5.4

Iaudiosoft.Com ≫ Absolute Sound Recorder Version3.4.5

Iaudiosoft.Com ≫ Absolute Video To Audio Converter Version2.7.9

Imesh.Com ≫ Imesh Version7.0.2.26789

J Hepple Products ≫ Fx Audio Concat Version1.2.0_beta

J Hepple Products ≫ Fx Audio Editor Version4.7.11

J Hepple Products ≫ Fx Audio Tools Version7.3.4

J Hepple Products ≫ Fx Magic Music Version5.7.7

J Hepple Products ≫ Fx Movie Joiner Version6.2.8

J Hepple Products ≫ Fx Movie Joiner And Splitter Version6.2.8

J Hepple Products ≫ Fx Movie Splitter Version6.4.7

J Hepple Products ≫ Fx New Sound Version5.1.1

J Hepple Products ≫ Fx Video Converter Version7.51.21

Joshua Mediasoft ≫ Audio Convertor Plus Version2.2

Joshua Mediasoft ≫ Video Converter Plus Version3.01

Magicvideosoftare ≫ Magic Audio Converter Version8.2.6_build_719

Magicvideosoftare ≫ Magic Audio Recorder Version5.3.7

Magicvideosoftare ≫ Magic Music Editor Version5.2.2

Mcfunsoft ≫ Audio Editor Version6.3.3_build_489

Mcfunsoft ≫ Audio Recorder For Free Version6.1

Mcfunsoft ≫ Audio Studio Version6.6.3_build_479

Mcfunsoft ≫ Ipod Audio Studio Version6.2.4

Mcfunsoft ≫ Ipod Music Converter Version5.1

Mcfunsoft ≫ Recording To Ipod Solution Version5.1

Mediatox ≫ Aurora Media Workshop Version3.3.25

Movavi ≫ Chiliburner Version2.3

Movavi ≫ Convertmovie Version4.4

Movavi ≫ Dvd To Ipod Version1.0

Movavi ≫ Splitmovie Version1.4

Movavi ≫ Suite Version3.5

Movavi ≫ Videomessage Version1.0

Mp3-soft ≫ Mp3 Normalizer Version1.03

Mystik Media Products ≫ Audioedit Deluxe Version4.10

Mystik Media Products ≫ Blaze Media Pro Version7.0

Mystik Media Products ≫ Blaze Mediaconvert Version3.4

Mystik Media Products ≫ Contextconvert Pro Version3.1

Nctsoft Products ≫ Nctaudioeditor Version2.7.1

Nctsoft Products ≫ Nctaudiofile2

Nctsoft Products ≫ Nctaudiostudio Version2.7.1

Nctsoft Products ≫ Nctdialogicvoice Version2.7.1

Nextlevel Systems ≫ Audio Editor Gold Version9.2.5_build_424

Nextlevel Systems ≫ Audio Studio Gold Version7.0.1.1_build_500

Quikscribe ≫ Quikscribe Player Version5.022.05

Quikscribe ≫ Quikscribe Recorder Version5.021.29

Recordnrip ≫ Recordnrip Version1.0

Rmbsoft ≫ Audioconvert Version3.1.0.125

Rmbsoft ≫ Soundedit Pro Version2.1

Roemer Software ≫ Easy Hi-q Converter Version1.7

Roemer Software ≫ Easy Hi-q Recorder Version2.0

Roemer Software ≫ Free Hi-q Recorder Version1.9

Sienzo ≫ Digital Music Mentor Version2.6.0.3

Smart Media Systems ≫ Power Audio Editor Version11.0.1

Softdiv Softare ≫ Dexster Version3.0

Softdiv Softare ≫ Ivideomax Version3.9

Softdiv Softare ≫ Mp3 To Wav Converter Version3.0

Softdiv Softare ≫ Snosh Version1.4

Softdiv Softare ≫ Videozilla Version2.5

Virtual Cd ≫ Virtual Cd Version6.0.0.7

Virtual Cd ≫ Virtual Cd Version7.1.0.2

Virtual Cd ≫ Virtual Cd Version8.0.0.6

Virtual Cd ≫ Virtual Cd File Server Version7.1.0.3

Xrlly Software ≫ Arial Audio Converter Version2.3.40

Xrlly Software ≫ Arial Sound Recorder Version1.4.3

Xrlly Software ≫ Text To Speech Maker Version1.3.8

Xwaver.Com ≫ Magic Audio Editor Pro Version10.3.1_build_476

Xwaver.Com ≫ Magic Music Studio Pro Version7.0.2.1_build_500

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	72.47%	0.987

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/22922

http://secunia.com/advisories/23475

Vendor Advisory

http://secunia.com/advisories/23485

Vendor Advisory

http://secunia.com/advisories/23493

Vendor Advisory

http://secunia.com/advisories/23495

Vendor Advisory

http://secunia.com/advisories/23511

Vendor Advisory

http://secunia.com/advisories/23516