HTTP: NCTAudioFile2 ActiveX Vulnerability

This signature detects attempts to exploit a known vulnerability in the NCTAudioFile2 ActiveX control. Attackers can create a malicious Web page containing dangerous ActiveX calls which, if accessed by a victim, can allow the attacker to gain control of the victim's client browser.

Extended Description

NCTsoft NCTAudioFile2 ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. NCTAudioEditor is a collection of ActiveX controls for manipulating audio data. Numerous audio software products use the vulnerable 'NCTAudioFile2.AudioFile' ActiveX component. NCTAudioStudio 2.7.1, NCTAudioEditor 2.7.1, and NCTDialogicVoice 2.7.1 are affected by this vulnerability; other versions may be affected as well. NOTE: Please see the vulnerable systems section for third-party products that are affected because they depend on this ActiveX control.

Affected Products

Mcfunsoft audio_editor

Short Name
HTTP:STC:CLSID:ACTIVEX:NCT-AX
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ActiveX CVE-2007-0018 NCTAudioFile2 Vulnerability bid:22196
Release Date
07/25/2007
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Occasionally
Vendors

Magic_video_software

Arial

Magic_software

Akram_software

Altdo_software

Audioeditmagic

Digital_borneo

Focus_systems

Code-it_software

Mcfunsoft

Dandans_digital_media

Tec_software

Musiclab

Cool_audio_software

Mightsoft

Colorfulsoft

American_shareware_technologies

Nextlevel_software

Color7_technology

Quikscribe

Smartmedia_systems

Sienzo

Absolute_software

Audio_tools_factory

Nctsoft

Easy_ringtone_maker

Imesh

Cheeta_technologies

Movavi

Amw

Aurora_software

Softdiv

Mystik_media

Roemer_software

J._hepple

Joshua_mediasoft

Rmbsoft

Hifi_software

Stefan_haglund,_fredrik_haglund,_florian_schmitz

Mp3-soft

Oracle

Xrlly_software

Expstudio

Digital_smart

Audiotool.net

A-one_software

Alo_software

Plato_software

Goodvdsoft.com

Hit-recorder

H+h_software

Recordnrip

Stefan_bethge

CVSS Score

9.3
