CVE-2007-0018

9.3

CRITICAL

NCTAudioFile2 ActiveX Stack-based Buffer Overflow Vulnerability

Description

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

INFO

Published Date :

Jan. 24, 2007, 9:28 p.m.

Last Modified :

Oct. 16, 2018, 4:30 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

10.0

Exploitability Score :

8.6

Affected Products

The following products are affected by CVE-2007-0018 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	J_hepple_products	fx_audio_concat
2	J_hepple_products	fx_audio_editor
3	J_hepple_products	fx_audio_tools
4	J_hepple_products	fx_magic_music
5	J_hepple_products	fx_movie_joiner
6	J_hepple_products	fx_movie_joiner_and_splitter
7	J_hepple_products	fx_movie_splitter
8	J_hepple_products	fx_new_sound
9	J_hepple_products	fx_video_converter
1	Mcfunsoft	audio_editor
2	Mcfunsoft	audio_recorder_for_free
3	Mcfunsoft	audio_studio
4	Mcfunsoft	ipod_audio_studio
5	Mcfunsoft	ipod_music_converter
6	Mcfunsoft	recording_to_ipod_solution
1	Movavi	chiliburner
2	Movavi	convertmovie
3	Movavi	dvd_to_ipod
4	Movavi	splitmovie
5	Movavi	suite
6	Movavi	videomessage
1	Softdiv_softare	dexster
2	Softdiv_softare	ivideomax
3	Softdiv_softare	mp3_to_wav_converter
4	Softdiv_softare	snosh
5	Softdiv_softare	videozilla
1	Dandans_digital_media_products	easy_audio_editor
2	Dandans_digital_media_products	full_audio_converter
3	Dandans_digital_media_products	music_editing_master
4	Dandans_digital_media_products	visual_video_converter
1	Mystik_media_products	audioedit_deluxe
2	Mystik_media_products	blaze_media_pro
3	Mystik_media_products	blaze_mediaconvert
4	Mystik_media_products	contextconvert_pro
1	Nctsoft_products	nctaudioeditor
2	Nctsoft_products	nctaudiofile2
3	Nctsoft_products	nctaudiostudio
4	Nctsoft_products	nctdialogicvoice
1	Iaudiosoft.com	absolute_mp3_splitter
2	Iaudiosoft.com	absolute_sound_recorder
3	Iaudiosoft.com	absolute_video_to_audio_converter
1	Magicvideosoftare	magic_audio_converter
2	Magicvideosoftare	magic_audio_recorder
3	Magicvideosoftare	magic_music_editor
1	Roemer_software	easy_hi-q_converter
2	Roemer_software	easy_hi-q_recorder
3	Roemer_software	free_hi-q_recorder
1	Xrlly_software	arial_audio_converter
2	Xrlly_software	arial_sound_recorder
3	Xrlly_software	text_to_speech_maker
1	Altdo	convert_mp3_master
2	Altdo	mp3_record_and_edit_audio_master
1	Cheetahburner	cheetah_cd_burner
2	Cheetahburner	cheetah_dvd_burner
1	Code-it_softare	abasic_editor
2	Code-it_softare	wave_mp3_editor
1	Joshua_mediasoft	audio_convertor_plus
2	Joshua_mediasoft	video_converter_plus
1	Nextlevel_systems	audio_editor_gold
2	Nextlevel_systems	audio_studio_gold
1	Quikscribe	quikscribe_player
2	Quikscribe	quikscribe_recorder
1	Rmbsoft	audioconvert
2	Rmbsoft	soundedit_pro
1	Virtual_cd	virtual_cd
2	Virtual_cd	virtual_cd_file_server
1	Xwaver.com	magic_audio_editor_pro
2	Xwaver.com	magic_music_studio_pro
1	Imesh.com	imesh
1	Americanshareware	mp3_wav_converter
1	Audio_edit_magic	audio_edit_magic
1	Bearshare	bearshare
1	Cdburnerxp	cdburnerxp_pro
1	Digital_borneo	audio_mixer_and_editor
1	Easy_ringtone_maker	easy_ringtone_maker
1	Expstudio	audio_editor
1	Mediatox	aurora_media_workshop
1	Mp3-soft	mp3_normalizer
1	Recordnrip	recordnrip
1	Sienzo	digital_music_mentor
1	Smart_media_systems	power_audio_editor

: Total Affected Vendor : 33 | Products : 81

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2007-0018.

URL	Resource
http://secunia.com/advisories/22922
http://secunia.com/advisories/23475	Vendor Advisory
http://secunia.com/advisories/23485	Vendor Advisory
http://secunia.com/advisories/23493	Vendor Advisory
http://secunia.com/advisories/23495	Vendor Advisory
http://secunia.com/advisories/23511	Vendor Advisory
http://secunia.com/advisories/23516	Vendor Advisory
http://secunia.com/advisories/23530	Vendor Advisory
http://secunia.com/advisories/23532	Vendor Advisory
http://secunia.com/advisories/23534	Vendor Advisory
http://secunia.com/advisories/23535
http://secunia.com/advisories/23536
http://secunia.com/advisories/23541
http://secunia.com/advisories/23542
http://secunia.com/advisories/23543	Vendor Advisory
http://secunia.com/advisories/23544
http://secunia.com/advisories/23546
http://secunia.com/advisories/23548
http://secunia.com/advisories/23550
http://secunia.com/advisories/23551	Vendor Advisory
http://secunia.com/advisories/23552	Vendor Advisory
http://secunia.com/advisories/23553	Vendor Advisory
http://secunia.com/advisories/23554
http://secunia.com/advisories/23557	Vendor Advisory
http://secunia.com/advisories/23558
http://secunia.com/advisories/23560
http://secunia.com/advisories/23561
http://secunia.com/advisories/23562
http://secunia.com/advisories/23565
http://secunia.com/advisories/23568	Vendor Advisory
http://secunia.com/advisories/23745
http://secunia.com/advisories/23753
http://secunia.com/advisories/23795
http://secunia.com/advisories/25993
http://secunia.com/advisories/26046
http://secunia.com/advisories/26100
http://secunia.com/advisories/26101
http://secunia.com/advisories/28407
http://secunia.com/advisories/30406
http://secunia.com/advisories/30424
http://secunia.com/advisories/30439
http://secunia.com/advisories/30446
http://secunia.com/advisories/30447
http://secunia.com/advisories/30450
http://secunia.com/advisories/30459
http://secunia.com/blog/6/	Vendor Advisory
http://secunia.com/secunia_research/2007-10/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-11/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-12/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-13/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-14/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-15/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-16/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-17/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-18/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-19/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-2/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-20/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-21/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-22/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-23/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-24/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-25/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-26/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-27/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-28/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-29/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-3/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-30/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-31/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-32/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-33/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-34/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-4/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-5/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-50/advisory/
http://secunia.com/secunia_research/2007-6/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-7/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-8/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-9/advisory/	Vendor Advisory
http://www.kb.cert.org/vuls/id/292713	US Government Resource
http://www.securityfocus.com/archive/1/457936/100/200/threaded
http://www.securityfocus.com/archive/1/457940/100/200/threaded
http://www.securityfocus.com/archive/1/457965/100/200/threaded
http://www.securityfocus.com/bid/22196
http://www.securityfocus.com/bid/23892
http://www.vupen.com/english/advisories/2007/0310
https://exchange.xforce.ibmcloud.com/vulnerabilities/31707

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2007-0018 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2007-0018 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

CVE Modified by [email protected]

Oct. 16, 2018

Action	Type	Old Value	New Value
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/457940/100/200/threaded [No Types Assigned]
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/457936/100/200/threaded [No Types Assigned]
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/457965/100/200/threaded [No Types Assigned]
Added	Reference		http://www.securityfocus.com/archive/1/457965/100/200/threaded [No Types Assigned]
Added	Reference		http://www.securityfocus.com/archive/1/457940/100/200/threaded [No Types Assigned]
Added	Reference		http://www.securityfocus.com/archive/1/457936/100/200/threaded [No Types Assigned]

CVE Modified by [email protected]

Jul. 29, 2017

Action	Type	Old Value	New Value
Removed	Reference	http://xforce.iss.net/xforce/xfdb/31707 [No Types Assigned]
Added	Reference		https://exchange.xforce.ibmcloud.com/vulnerabilities/31707 [No Types Assigned]

Initial Analysis by [email protected]

Jan. 25, 2007

Action Type Old Value New Value

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2007-0018 is associated with the following CWEs:

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2007-0018 weaknesses.

CAPEC-8: Buffer Overflow in an API Call Buffer Overflow in an API Call CAPEC-9: Buffer Overflow in Local Command-Line Utilities Buffer Overflow in Local Command-Line Utilities CAPEC-10: Buffer Overflow via Environment Variables Buffer Overflow via Environment Variables CAPEC-14: Client-side Injection-induced Buffer Overflow Client-side Injection-induced Buffer Overflow CAPEC-24: Filter Failure through Buffer Overflow Filter Failure through Buffer Overflow CAPEC-42: MIME Conversion MIME Conversion CAPEC-44: Overflow Binary Resource File Overflow Binary Resource File CAPEC-45: Buffer Overflow via Symbolic Links Buffer Overflow via Symbolic Links CAPEC-46: Overflow Variables and Tags Overflow Variables and Tags CAPEC-47: Buffer Overflow via Parameter Expansion Buffer Overflow via Parameter Expansion CAPEC-100: Overflow Buffers Overflow Buffers CAPEC-123: Buffer Manipulation Buffer Manipulation

CVE-2007-0018

NCTAudioFile2 ActiveX Stack-based Buffer Overflow Vulnerability

Description

INFO

Jan. 24, 2007, 9:28 p.m.

Oct. 16, 2018, 4:30 p.m.

[email protected]

Yes !

10.0

8.6

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

95.21 }} 0.36%

0.99282

CVSS2 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable