PT-2007-4672 · Nct · Nctaudioeditor+2
Shinnai
·
Publicado
2007-06-26
·
Atualizado
2017-10-11
·
CVE-2007-3400
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
NCTAudioEditor2 version 2.6.2.157
NCTAudioEditor versions 2.7 and earlier
NCTAudioStudio versions 2.7 and earlier
Description
The issue allows remote attackers to overwrite arbitrary files. This is achieved via the CreateFile method in the NCTAudioEditor2 ActiveX control.
Recommendations
For NCTAudioEditor2 version 2.6.2.157, consider disabling the CreateFile method until a patch is available.
For NCTAudioEditor versions 2.7 and earlier, restrict access to the NCTAudioEditor2 ActiveX control to minimize the risk of exploitation.
For NCTAudioStudio versions 2.7 and earlier, avoid using the CreateFile method in the affected ActiveX control until the issue is resolved.
Exploit
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Nctaudioeditor
Nctaudioeditor2
Nctaudiostudio