ID |
CVE-2007-3493
|
Summary |
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
-
cpe:2.3:a:nctsoft_products:nctaudiostudio:2.7:*:*:*:*:*:*:*
cpe:2.3:a:nctsoft_products:nctaudiostudio:2.7:*:*:*:*:*:*:*
-
cpe:2.3:a:nctsoft_products:nctwavchunkseditor2.dll:2.6.1.148:*:*:*:*:*:*:*
cpe:2.3:a:nctsoft_products:nctwavchunkseditor2.dll:2.6.1.148:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 23-07-2021 - 15:05) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 24656 | exploit-db | 4109 | misc | | osvdb | 37673 | secunia | 25851 | vupen | ADV-2007-2351 | xf | nctaudiostudio2-createfile-file-overwrite(35081) |
|
Last major update |
23-07-2021 - 15:05 |
Published |
29-06-2007 - 18:30 |
Last modified |
23-07-2021 - 15:05 |