9.3
CRITICAL
CVE-2007-0018
NCTAudioFile2 ActiveX Stack-based Buffer Overflow Vulnerability
Description

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

INFO

Published Date :

Jan. 24, 2007, 9:28 p.m.

Last Modified :

Nov. 21, 2024, 12:24 a.m.

Remotely Exploitable :

Yes !

Impact Score :

10.0

Exploitability Score :

8.6
Affected Products

The following products are affected by CVE-2007-0018 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 J_hepple_products fx_audio_concat
2 J_hepple_products fx_audio_editor
3 J_hepple_products fx_audio_tools
4 J_hepple_products fx_magic_music
5 J_hepple_products fx_movie_joiner
6 J_hepple_products fx_movie_joiner_and_splitter
7 J_hepple_products fx_movie_splitter
8 J_hepple_products fx_new_sound
9 J_hepple_products fx_video_converter
1 Mcfunsoft audio_editor
2 Mcfunsoft audio_recorder_for_free
3 Mcfunsoft audio_studio
4 Mcfunsoft ipod_audio_studio
5 Mcfunsoft ipod_music_converter
6 Mcfunsoft recording_to_ipod_solution
1 Movavi chiliburner
2 Movavi convertmovie
3 Movavi dvd_to_ipod
4 Movavi splitmovie
5 Movavi suite
6 Movavi videomessage
1 Softdiv_softare dexster
2 Softdiv_softare ivideomax
3 Softdiv_softare mp3_to_wav_converter
4 Softdiv_softare snosh
5 Softdiv_softare videozilla
1 Dandans_digital_media_products easy_audio_editor
2 Dandans_digital_media_products full_audio_converter
3 Dandans_digital_media_products music_editing_master
4 Dandans_digital_media_products visual_video_converter
1 Mystik_media_products audioedit_deluxe
2 Mystik_media_products blaze_media_pro
3 Mystik_media_products blaze_mediaconvert
4 Mystik_media_products contextconvert_pro
1 Nctsoft_products nctaudioeditor
2 Nctsoft_products nctaudiofile2
3 Nctsoft_products nctaudiostudio
4 Nctsoft_products nctdialogicvoice
1 Iaudiosoft.com absolute_mp3_splitter
2 Iaudiosoft.com absolute_sound_recorder
3 Iaudiosoft.com absolute_video_to_audio_converter
1 Magicvideosoftare magic_audio_converter
2 Magicvideosoftare magic_audio_recorder
3 Magicvideosoftare magic_music_editor
1 Roemer_software easy_hi-q_converter
2 Roemer_software easy_hi-q_recorder
3 Roemer_software free_hi-q_recorder
1 Xrlly_software arial_audio_converter
2 Xrlly_software arial_sound_recorder
3 Xrlly_software text_to_speech_maker
1 Altdo convert_mp3_master
2 Altdo mp3_record_and_edit_audio_master
1 Cheetahburner cheetah_cd_burner
2 Cheetahburner cheetah_dvd_burner
1 Code-it_softare abasic_editor
2 Code-it_softare wave_mp3_editor
1 Joshua_mediasoft audio_convertor_plus
2 Joshua_mediasoft video_converter_plus
1 Nextlevel_systems audio_editor_gold
2 Nextlevel_systems audio_studio_gold
1 Quikscribe quikscribe_player
2 Quikscribe quikscribe_recorder
1 Rmbsoft audioconvert
2 Rmbsoft soundedit_pro
1 Virtual_cd virtual_cd
2 Virtual_cd virtual_cd_file_server
1 Xwaver.com magic_audio_editor_pro
2 Xwaver.com magic_music_studio_pro
1 Imesh.com imesh
1 Americanshareware mp3_wav_converter
1 Audio_edit_magic audio_edit_magic
1 Bearshare bearshare
1 Cdburnerxp cdburnerxp_pro
1 Digital_borneo audio_mixer_and_editor
1 Easy_ringtone_maker easy_ringtone_maker
1 Expstudio audio_editor
1 Mediatox aurora_media_workshop
1 Mp3-soft mp3_normalizer
1 Recordnrip recordnrip
1 Sienzo digital_music_mentor
1 Smart_media_systems power_audio_editor
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2007-0018.

URL Resource
http://secunia.com/advisories/22922
http://secunia.com/advisories/23475 Vendor Advisory
http://secunia.com/advisories/23485 Vendor Advisory
http://secunia.com/advisories/23493 Vendor Advisory
http://secunia.com/advisories/23495 Vendor Advisory
http://secunia.com/advisories/23511 Vendor Advisory
http://secunia.com/advisories/23516 Vendor Advisory
http://secunia.com/advisories/23530 Vendor Advisory
http://secunia.com/advisories/23532 Vendor Advisory
http://secunia.com/advisories/23534 Vendor Advisory
http://secunia.com/advisories/23535
http://secunia.com/advisories/23536
http://secunia.com/advisories/23541
http://secunia.com/advisories/23542
http://secunia.com/advisories/23543 Vendor Advisory
http://secunia.com/advisories/23544
http://secunia.com/advisories/23546
http://secunia.com/advisories/23548
http://secunia.com/advisories/23550
http://secunia.com/advisories/23551 Vendor Advisory
http://secunia.com/advisories/23552 Vendor Advisory
http://secunia.com/advisories/23553 Vendor Advisory
http://secunia.com/advisories/23554
http://secunia.com/advisories/23557 Vendor Advisory
http://secunia.com/advisories/23558
http://secunia.com/advisories/23560
http://secunia.com/advisories/23561
http://secunia.com/advisories/23562
http://secunia.com/advisories/23565
http://secunia.com/advisories/23568 Vendor Advisory
http://secunia.com/advisories/23745
http://secunia.com/advisories/23753
http://secunia.com/advisories/23795
http://secunia.com/advisories/25993
http://secunia.com/advisories/26046
http://secunia.com/advisories/26100
http://secunia.com/advisories/26101
http://secunia.com/advisories/28407
http://secunia.com/advisories/30406
http://secunia.com/advisories/30424
http://secunia.com/advisories/30439
http://secunia.com/advisories/30446
http://secunia.com/advisories/30447
http://secunia.com/advisories/30450
http://secunia.com/advisories/30459
http://secunia.com/blog/6/ Vendor Advisory
http://secunia.com/secunia_research/2007-10/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-11/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-12/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-13/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-14/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-15/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-16/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-17/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-18/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-19/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-2/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-20/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-21/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-22/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-23/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-24/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-25/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-26/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-27/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-28/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-29/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-3/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-30/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-31/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-32/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-33/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-34/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-4/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-5/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-50/advisory/
http://secunia.com/secunia_research/2007-6/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-7/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-8/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-9/advisory/ Vendor Advisory
http://www.kb.cert.org/vuls/id/292713 US Government Resource
http://www.securityfocus.com/archive/1/457936/100/200/threaded
http://www.securityfocus.com/archive/1/457940/100/200/threaded
http://www.securityfocus.com/archive/1/457965/100/200/threaded
http://www.securityfocus.com/bid/22196
http://www.securityfocus.com/bid/23892
http://www.vupen.com/english/advisories/2007/0310
https://exchange.xforce.ibmcloud.com/vulnerabilities/31707
http://secunia.com/advisories/22922
http://secunia.com/advisories/23475 Vendor Advisory
http://secunia.com/advisories/23485 Vendor Advisory
http://secunia.com/advisories/23493 Vendor Advisory
http://secunia.com/advisories/23495 Vendor Advisory
http://secunia.com/advisories/23511 Vendor Advisory
http://secunia.com/advisories/23516 Vendor Advisory
http://secunia.com/advisories/23530 Vendor Advisory
http://secunia.com/advisories/23532 Vendor Advisory
http://secunia.com/advisories/23534 Vendor Advisory
http://secunia.com/advisories/23535
http://secunia.com/advisories/23536
http://secunia.com/advisories/23541
http://secunia.com/advisories/23542
http://secunia.com/advisories/23543 Vendor Advisory
http://secunia.com/advisories/23544
http://secunia.com/advisories/23546
http://secunia.com/advisories/23548
http://secunia.com/advisories/23550
http://secunia.com/advisories/23551 Vendor Advisory
http://secunia.com/advisories/23552 Vendor Advisory
http://secunia.com/advisories/23553 Vendor Advisory
http://secunia.com/advisories/23554
http://secunia.com/advisories/23557 Vendor Advisory
http://secunia.com/advisories/23558
http://secunia.com/advisories/23560
http://secunia.com/advisories/23561
http://secunia.com/advisories/23562
http://secunia.com/advisories/23565
http://secunia.com/advisories/23568 Vendor Advisory
http://secunia.com/advisories/23745
http://secunia.com/advisories/23753
http://secunia.com/advisories/23795
http://secunia.com/advisories/25993
http://secunia.com/advisories/26046
http://secunia.com/advisories/26100
http://secunia.com/advisories/26101
http://secunia.com/advisories/28407
http://secunia.com/advisories/30406
http://secunia.com/advisories/30424
http://secunia.com/advisories/30439
http://secunia.com/advisories/30446
http://secunia.com/advisories/30447
http://secunia.com/advisories/30450
http://secunia.com/advisories/30459
http://secunia.com/blog/6/ Vendor Advisory
http://secunia.com/secunia_research/2007-10/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-11/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-12/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-13/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-14/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-15/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-16/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-17/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-18/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-19/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-2/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-20/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-21/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-22/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-23/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-24/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-25/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-26/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-27/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-28/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-29/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-3/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-30/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-31/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-32/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-33/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-34/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-4/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-5/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-50/advisory/
http://secunia.com/secunia_research/2007-6/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-7/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-8/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-9/advisory/ Vendor Advisory
http://www.kb.cert.org/vuls/id/292713 US Government Resource
http://www.securityfocus.com/archive/1/457936/100/200/threaded
http://www.securityfocus.com/archive/1/457940/100/200/threaded
http://www.securityfocus.com/archive/1/457965/100/200/threaded
http://www.securityfocus.com/bid/22196
http://www.securityfocus.com/bid/23892
http://www.vupen.com/english/advisories/2007/0310
https://exchange.xforce.ibmcloud.com/vulnerabilities/31707

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2007-0018 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2007-0018 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://secunia.com/advisories/22922
    Added Reference http://secunia.com/advisories/23475
    Added Reference http://secunia.com/advisories/23485
    Added Reference http://secunia.com/advisories/23493
    Added Reference http://secunia.com/advisories/23495
    Added Reference http://secunia.com/advisories/23511
    Added Reference http://secunia.com/advisories/23516
    Added Reference http://secunia.com/advisories/23530
    Added Reference http://secunia.com/advisories/23532
    Added Reference http://secunia.com/advisories/23534
    Added Reference http://secunia.com/advisories/23535
    Added Reference http://secunia.com/advisories/23536
    Added Reference http://secunia.com/advisories/23541
    Added Reference http://secunia.com/advisories/23542
    Added Reference http://secunia.com/advisories/23543
    Added Reference http://secunia.com/advisories/23544
    Added Reference http://secunia.com/advisories/23546
    Added Reference http://secunia.com/advisories/23548
    Added Reference http://secunia.com/advisories/23550
    Added Reference http://secunia.com/advisories/23551
    Added Reference http://secunia.com/advisories/23552
    Added Reference http://secunia.com/advisories/23553
    Added Reference http://secunia.com/advisories/23554
    Added Reference http://secunia.com/advisories/23557
    Added Reference http://secunia.com/advisories/23558
    Added Reference http://secunia.com/advisories/23560
    Added Reference http://secunia.com/advisories/23561
    Added Reference http://secunia.com/advisories/23562
    Added Reference http://secunia.com/advisories/23565
    Added Reference http://secunia.com/advisories/23568
    Added Reference http://secunia.com/advisories/23745
    Added Reference http://secunia.com/advisories/23753
    Added Reference http://secunia.com/advisories/23795
    Added Reference http://secunia.com/advisories/25993
    Added Reference http://secunia.com/advisories/26046
    Added Reference http://secunia.com/advisories/26100
    Added Reference http://secunia.com/advisories/26101
    Added Reference http://secunia.com/advisories/28407
    Added Reference http://secunia.com/advisories/30406
    Added Reference http://secunia.com/advisories/30424
    Added Reference http://secunia.com/advisories/30439
    Added Reference http://secunia.com/advisories/30446
    Added Reference http://secunia.com/advisories/30447
    Added Reference http://secunia.com/advisories/30450
    Added Reference http://secunia.com/advisories/30459
    Added Reference http://secunia.com/blog/6/
    Added Reference http://secunia.com/secunia_research/2007-10/advisory/
    Added Reference http://secunia.com/secunia_research/2007-11/advisory/
    Added Reference http://secunia.com/secunia_research/2007-12/advisory/
    Added Reference http://secunia.com/secunia_research/2007-13/advisory/
    Added Reference http://secunia.com/secunia_research/2007-14/advisory/
    Added Reference http://secunia.com/secunia_research/2007-15/advisory/
    Added Reference http://secunia.com/secunia_research/2007-16/advisory/
    Added Reference http://secunia.com/secunia_research/2007-17/advisory/
    Added Reference http://secunia.com/secunia_research/2007-18/advisory/
    Added Reference http://secunia.com/secunia_research/2007-19/advisory/
    Added Reference http://secunia.com/secunia_research/2007-2/advisory/
    Added Reference http://secunia.com/secunia_research/2007-20/advisory/
    Added Reference http://secunia.com/secunia_research/2007-21/advisory/
    Added Reference http://secunia.com/secunia_research/2007-22/advisory/
    Added Reference http://secunia.com/secunia_research/2007-23/advisory/
    Added Reference http://secunia.com/secunia_research/2007-24/advisory/
    Added Reference http://secunia.com/secunia_research/2007-25/advisory/
    Added Reference http://secunia.com/secunia_research/2007-26/advisory/
    Added Reference http://secunia.com/secunia_research/2007-27/advisory/
    Added Reference http://secunia.com/secunia_research/2007-28/advisory/
    Added Reference http://secunia.com/secunia_research/2007-29/advisory/
    Added Reference http://secunia.com/secunia_research/2007-3/advisory/
    Added Reference http://secunia.com/secunia_research/2007-30/advisory/
    Added Reference http://secunia.com/secunia_research/2007-31/advisory/
    Added Reference http://secunia.com/secunia_research/2007-32/advisory/
    Added Reference http://secunia.com/secunia_research/2007-33/advisory/
    Added Reference http://secunia.com/secunia_research/2007-34/advisory/
    Added Reference http://secunia.com/secunia_research/2007-4/advisory/
    Added Reference http://secunia.com/secunia_research/2007-5/advisory/
    Added Reference http://secunia.com/secunia_research/2007-50/advisory/
    Added Reference http://secunia.com/secunia_research/2007-6/advisory/
    Added Reference http://secunia.com/secunia_research/2007-7/advisory/
    Added Reference http://secunia.com/secunia_research/2007-8/advisory/
    Added Reference http://secunia.com/secunia_research/2007-9/advisory/
    Added Reference http://www.kb.cert.org/vuls/id/292713
    Added Reference http://www.securityfocus.com/archive/1/457936/100/200/threaded
    Added Reference http://www.securityfocus.com/archive/1/457940/100/200/threaded
    Added Reference http://www.securityfocus.com/archive/1/457965/100/200/threaded
    Added Reference http://www.securityfocus.com/bid/22196
    Added Reference http://www.securityfocus.com/bid/23892
    Added Reference http://www.vupen.com/english/advisories/2007/0310
    Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/31707
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Oct. 16, 2018

    Action Type Old Value New Value
    Removed Reference http://www.securityfocus.com/archive/1/archive/1/457940/100/200/threaded [No Types Assigned]
    Removed Reference http://www.securityfocus.com/archive/1/archive/1/457936/100/200/threaded [No Types Assigned]
    Removed Reference http://www.securityfocus.com/archive/1/archive/1/457965/100/200/threaded [No Types Assigned]
    Added Reference http://www.securityfocus.com/archive/1/457965/100/200/threaded [No Types Assigned]
    Added Reference http://www.securityfocus.com/archive/1/457940/100/200/threaded [No Types Assigned]
    Added Reference http://www.securityfocus.com/archive/1/457936/100/200/threaded [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 29, 2017

    Action Type Old Value New Value
    Removed Reference http://xforce.iss.net/xforce/xfdb/31707 [No Types Assigned]
    Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/31707 [No Types Assigned]
  • Initial Analysis by [email protected]

    Jan. 25, 2007

    Action Type Old Value New Value
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

89.43 }} -5.86%

score

0.99005

percentile

CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability