CVE-2007-3493 - A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2

CVE-2007-3493

Summary

A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
cpe:2.3:a:nctsoft_products:nctaudiostudio:2.7:*:*:*:*:*:*:*
cpe:2.3:a:nctsoft_products:nctaudiostudio:2.7:*:*:*:*:*:*:*
cpe:2.3:a:nctsoft_products:nctwavchunkseditor2.dll:2.6.1.148:*:*:*:*:*:*:*
cpe:2.3:a:nctsoft_products:nctwavchunkseditor2.dll:2.6.1.148:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 23-07-2021 - 15:05)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	24656
exploit-db	4109
misc	http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last
osvdb	37673
secunia	25851
vupen	ADV-2007-2351
xf	nctaudiostudio2-createfile-file-overwrite(35081)

Last major update

23-07-2021 - 15:05

Published

29-06-2007 - 18:30

Last modified

23-07-2021 - 15:05