9.3

CVE-2008-4342

Exploit
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Burnaware TechnologiesBurnaware Version2.1.3 Updateunknown Editionfree
Burnaware TechnologiesBurnaware Version2.1.3 Updateunknown Editionhome
Burnaware TechnologiesBurnaware Version2.1.3 Updateunknown Editionprofessional
ImpressumCdburnerxp Version4.2.1.976
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 17.2% 0.967
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://retrogod.altervista.org/9sg_numedia_xpl.html
Exploit
http://secunia.com/advisories/31936
Vendor Advisory
http://secunia.com/advisories/31949
Vendor Advisory
http://secunia.com/advisories/31950
Vendor Advisory
http://secunia.com/advisories/32455
Vendor Advisory
http://www.securityfocus.com/archive/1/497831/100/0/threaded
http://www.securityfocus.com/bid/31374
Exploit
http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq
Exploit
URL Repurposed
http://www.vupen.com/english/advisories/2008/2663
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
https://www.exploit-db.com/exploits/6491