ghsa-gwfv-7rcq-hxcc
Vulnerability from github
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.
{ "affected": [], "aliases": [ "CVE-2007-0018" ], "database_specific": { "cwe_ids": [ "CWE-119" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2007-01-24T21:28:00Z", "severity": "HIGH" }, "details": "Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.", "id": "GHSA-gwfv-7rcq-hxcc", "modified": "2025-04-09T03:36:35Z", "published": "2022-05-01T17:41:21Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0018" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31707" }, { "type": "WEB", "url": "http://secunia.com/advisories/22922" }, { "type": "WEB", "url": "http://secunia.com/advisories/23475" }, { "type": "WEB", "url": "http://secunia.com/advisories/23485" }, { "type": "WEB", "url": "http://secunia.com/advisories/23493" }, { "type": "WEB", "url": "http://secunia.com/advisories/23495" }, { "type": "WEB", "url": "http://secunia.com/advisories/23511" }, { "type": "WEB", "url": "http://secunia.com/advisories/23516" }, { "type": "WEB", "url": "http://secunia.com/advisories/23530" }, { "type": "WEB", "url": "http://secunia.com/advisories/23532" }, { "type": "WEB", "url": "http://secunia.com/advisories/23534" }, { "type": "WEB", "url": "http://secunia.com/advisories/23535" }, { "type": "WEB", "url": "http://secunia.com/advisories/23536" }, { "type": "WEB", "url": "http://secunia.com/advisories/23541" }, { "type": "WEB", "url": "http://secunia.com/advisories/23542" }, { "type": "WEB", "url": "http://secunia.com/advisories/23543" }, { "type": "WEB", "url": "http://secunia.com/advisories/23544" }, { "type": "WEB", "url": "http://secunia.com/advisories/23546" }, { "type": "WEB", "url": "http://secunia.com/advisories/23548" }, { "type": "WEB", "url": "http://secunia.com/advisories/23550" }, { "type": "WEB", "url": "http://secunia.com/advisories/23551" }, { "type": "WEB", "url": "http://secunia.com/advisories/23552" }, { "type": "WEB", "url": "http://secunia.com/advisories/23553" }, { "type": "WEB", "url": "http://secunia.com/advisories/23554" }, { "type": "WEB", "url": "http://secunia.com/advisories/23557" }, { "type": "WEB", "url": "http://secunia.com/advisories/23558" }, { "type": "WEB", "url": "http://secunia.com/advisories/23560" }, { "type": "WEB", "url": "http://secunia.com/advisories/23561" }, { "type": "WEB", "url": "http://secunia.com/advisories/23562" }, { "type": "WEB", "url": "http://secunia.com/advisories/23565" }, { "type": "WEB", "url": "http://secunia.com/advisories/23568" }, { "type": "WEB", "url": "http://secunia.com/advisories/23745" }, { "type": "WEB", "url": "http://secunia.com/advisories/23753" }, { "type": "WEB", "url": "http://secunia.com/advisories/23795" }, { "type": "WEB", "url": "http://secunia.com/advisories/25993" }, { "type": "WEB", "url": "http://secunia.com/advisories/26046" }, { "type": "WEB", "url": "http://secunia.com/advisories/26100" }, { "type": "WEB", "url": "http://secunia.com/advisories/26101" }, { "type": "WEB", "url": "http://secunia.com/advisories/28407" }, { "type": "WEB", "url": "http://secunia.com/advisories/30406" }, { "type": "WEB", "url": "http://secunia.com/advisories/30424" }, { "type": "WEB", "url": "http://secunia.com/advisories/30439" }, { "type": "WEB", "url": "http://secunia.com/advisories/30446" }, { "type": "WEB", "url": "http://secunia.com/advisories/30447" }, { "type": "WEB", "url": "http://secunia.com/advisories/30450" }, { "type": "WEB", "url": "http://secunia.com/advisories/30459" }, { "type": "WEB", "url": "http://secunia.com/blog/6" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-10/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-11/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-12/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-13/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-14/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-15/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-16/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-17/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-18/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-19/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-2/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-20/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-21/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-22/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-23/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-24/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-25/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-26/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-27/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-28/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-29/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-3/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-30/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-31/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-32/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-33/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-34/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-4/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-5/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-50/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-6/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-7/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-8/advisory" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2007-9/advisory" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/292713" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/457936/100/200/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/457940/100/200/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/457965/100/200/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/22196" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/23892" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2007/0310" } ], "schema_version": "1.4.0", "severity": [] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.