CVE-2007-3400

The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/37674
http://secunia.com/advisories/25825	Vendor Advisory
http://www.securityfocus.com/bid/24613	Exploit
http://www.vupen.com/english/advisories/2007/2351	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35018
https://www.exploit-db.com/exploits/4101

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nctsoft:nctaudioeditor:_nil_:::::::*
	cpe:2.3:a:nctsoft:nctaudiostudio:2.7:::::::*

History

No history.

Information

Published : 2007-06-26 17:30

Updated : 2023-12-10 10:40

NVD link : CVE-2007-3400

Mitre link : CVE-2007-3400

CVE.ORG link : CVE-2007-3400

JSON object : View

Products Affected

nctsoft

nctaudiostudio
nctaudioeditor

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2007-3400", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-06-26T17:30:00.000", "references": [{"url": "http://osvdb.org/37674", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25825", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24613", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2351", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35018", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4101", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method."}, {"lang": "es", "value": "El control ActiveX NCTAudioEditor2 en la biblioteca NCTWMAFile2.dll versi\u00f3n 2.6.2.157, distribuido en NCTAudioEditor y NCTAudioStudio versi\u00f3n 2.7, permite a atacantes remotos sobrescribir archivos arbitrarios por medio del m\u00e9todo CreateFile."}], "lastModified": "2017-10-11T01:32:47.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nctsoft:nctaudioeditor:_nil_:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2421B572-1695-47D9-92CE-D9F0D35D6049"}, {"criteria": "cpe:2.3:a:nctsoft:nctaudiostudio:2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75D92D71-5092-4023-8A9B-2F605811AFBB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}