CVE-2007-3493

Name of the Vulnerable Software and Affected Versions NCTAudioStudio version 2.7

Description A certain ActiveX control in NCTWavChunksEditor2.dll allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method.

Recommendations For NCTAudioStudio version 2.7, consider disabling the CreateFile method in the NCTWavChunksEditor2.dll ActiveX control as a temporary workaround until a patch is available. Restrict access to the NCTWavChunksEditor2.dll module to minimize the risk of exploitation. Avoid using the full pathname argument in the CreateFile method until the issue is resolved.