[NT] NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 24 Jan 2007 20:00:47 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
------------------------------------------------------------------------
SUMMARY
" <http://nctsoft.com/products/NCTAudioEditor2/> NCTAudioEditor ActiveX
DLL is a visual multifunctional audio files editor. It can be used to
build applications, which allow end-users to perform various operations
with audio data such as displaying a waveform image and a spectral view of
an audio file, recording, playing, editing, mixing, applying various audio
effects and filters, format conversion and more. Supports all major audio
formats."
" <http://nctsoft.com/products/NCTAudioStudio2/> NCTAudioStudio is a
package of 18 ActiveX Controls DLLs for work with audio data."
" <http://nctsoft.com/products/NCTDialogicVoice2/> NCTDialogicVoice is a
rapid application development tool for Dialogic voice boards."
Secunia Research has discovered a vulnerability in NCTAudioStudio,
NCTAudioEditor, and NCTDialogicVoice, which can be exploited bymalicious
people to compromise a user's system.
DETAILS
Vulnerable Systems:
* NCTAudioStudio version 2.7.1
* NCTAudioEditor version 2.7.1
* NCTDialogicVoice version 2.7.1
The vulnerability is caused due to a boundary error in the
NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll) when handling
the "SetFormatLikeSample()" method. This can be exploited to cause a
stack-based buffer overflow by passing an overly long string (about 4124
bytes) as argument to the affected method.
Successful exploitation allows execution of arbitrary code when a user
e.g. visits a malicious website.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0018>
CVE-2007-0018
ADDITIONAL INFORMATION
The information has been provided by <mailto:remove-vuln@xxxxxxxxxxx>
Carsten Eiram, Secunia Research.
The original article can be found at:
<http://corporate.secunia.com/secunia_research/33/>
http://corporate.secunia.com/secunia_research/33/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NEWS] WzdFTPD hash DoS
- Next by Date: [NEWS] Browsers Improperly Parses HTML Documents and BlogSpot XSS Vulnerability
- Previous by thread: [NEWS] WzdFTPD hash DoS
- Next by thread: [NEWS] Browsers Improperly Parses HTML Documents and BlogSpot XSS Vulnerability
- Index(es):
Relevant Pages
|
