CVE-2008-0959

Name of the Vulnerable Software and Affected Versions Power Audio CD Grabber version 1.0 Power Audio CD Burner version 1.02 CinematicMP3 version 1.4.0.0 Alive MP3 WAV Converter version 3.9.3.2

Description The issue is related to multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control. This control is used in various products, allowing remote attackers to execute arbitrary code via unspecified vectors. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Power Audio CD Grabber version 1.0, consider disabling the NCTAudioInformation2 ActiveX control until a patch is available. For Power Audio CD Burner version 1.02, restrict access to the NCTAudioInformation2.dll module to minimize the risk of exploitation. For CinematicMP3 version 1.4.0.0, avoid using the affected ActiveX control in the application until the issue is resolved. For Alive MP3 WAV Converter version 3.9.3.2, as a temporary workaround, consider removing or disabling the NCTAudioInformation2 ActiveX control from the system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.