PT-2008-5592 · Numedia Soft · Nms Dvd Burning Sdk

Nine:Situations:Group · Published 2008-09-30 · Updated 2024-02-14 · CVE-2008-4342

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: NuMedia Soft NMS DVD Burning SDK ActiveX NMSDVDX.DVDEngineX.1 version 1.013C and earlier

Description: The issue allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. This can potentially be leveraged for remote code execution by accessing files using hcp:// URLs. It is noted that this issue might only be exploitable in limited environments or non-default browser settings.

Recommendations: For NuMedia Soft NMS DVD Burning SDK ActiveX NMSDVDX.DVDEngineX.1 version 1.013C and earlier, consider disabling the EnableLog and LogMessage methods as a temporary workaround until a patch is available. Restrict access to the NMSDVDX.dll file to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-4342

Affected Products

Nms Dvd Burning Sdk