CVE-2007-0018

Name of the Vulnerable Software and Affected Versions NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll) version not specified Multiple products are affected, including: NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice Magic Audio Recorder, Music Editor, and Audio Converter Aurora Media Workshop DB Audio Mixer And Editor J. Hepple Products including Fx Audio Editor and others EXPStudio Audio Editor iMesh Quikscribe RMBSoft AudioConvert and SoundEdit Pro 2.1 CDBurnerXP Code-it Software Wave MP3 Editor and aBasic Editor Movavi VideoMessage, DVD to iPod, and others SoftDiv Software Dexster, iVideoMAX, and others Sienzo Digital Music Mentor (DMM) MP3 Normalizer Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter Audio Edit Magic Joshua Video and Audio Converter Virtual CD Cheetah CD and DVD Burner Mystik Media AudioEdit Deluxe, Blaze Media, and others Power Audio Editor DanDans Digital Media Full Audio Converter, Music Editing Master, and others Xrlly Software Text to Speech Maker and Arial Sound Recorder / Audio Converter Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter Easy Ringtone Maker RecordNRip McFunSoft iPod Audio Studio, Audio Recorder for Free, and others MP3 WAV Converter BearShare 6.0.2.26789 Oracle Siebel SimBuilder and CRM 7.x

Description A stack-based buffer overflow issue exists in the NCTAudioFile2.AudioFile ActiveX control, which can be exploited by remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function.

Recommendations For the NCTAudioFile2.AudioFile ActiveX control, consider disabling the SetFormatLikeSample function until a patch is available. Restrict access to the NCTAudioFile2.dll module to minimize the risk of exploitation. Avoid using the SetFormatLikeSample function in affected products until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.