Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
Hello,
The following products are also affected and currently unpatched:
Magic Video Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/3/
Aurora Media Workshop NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/4/
DB Audio Mixer And Editor NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/5/
J. Hepple Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/6/
EXPStudio Audio Editor NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/7/
iMesh NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/8/
Quikscribe Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/9/
RMBSoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/10/
CDBurnerXP Pro NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/11/
Code-it Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/12/
Movavi Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/13/
SoftDiv Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/14/
MP3 Normalizer NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/16/
Roemer Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/17/
Audio Edit Magic NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/18/
Joshua Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/19/
Virtual CD Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/20/
Cheetah CD/DVD Burner NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/21/
Mystik Media Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/22/
Power Audio Editor NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/23/
DanDans Digital Media Products NCTAudioFile2 ActiveX Control Buffer
Overflow
http://secunia.com/secunia_research/24/
Xrlly Software NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/25/
Absolute Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/26/
Easy Ringtone Maker NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/27/
RecordNRip NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/28/
McFunSoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/29/
MP3 WAV Converter NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/30/
NextLevel Systems Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/32/
Altdo Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/33/
Cool Audio Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/34/
On Wed, 2007-01-24 at 16:13 +0100, Secunia Research wrote:
> ======================================================================
>
> Secunia Research 24/01/2007
>
> - NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow -
>
> ======================================================================
> Table of Contents
>
> Affected Software....................................................1
> Severity.............................................................2
> Vendor's Description of Software.....................................3
> Description of Vulnerability.........................................4
> Solution.............................................................5
> Time Table...........................................................6
> Credits..............................................................7
> References...........................................................8
> About Secunia........................................................9
> Verification........................................................10
>
> ======================================================================
> 1) Affected Software
>
> The vulnerability is confirmed in the following products:
> - NCTAudioStudio 2.7.1
> - NCTAudioEditor 2.7.1
> - NCTDialogicVoice 2.7.1
>
> NOTE: Other versions and products may also be affected.
>
> ======================================================================
> 2) Severity
>
> Rating: Highly critical
> Impact: System compromise
> Where: Remote
>
> ======================================================================
> 3) Vendor's Description of Software
>
> "NCTAudioEditor ActiveX DLL is a visual multifunctional audio files
> editor. It can be used to build applications, which allow end-users to
> perform various operations with audio data such as displaying a
> waveform image and a spectral view of an audio file, recording,
> playing, editing, mixing, applying various audio effects and filters,
> format conversion and more. Supports all major audio formats.".
>
> Product Link:
> http://nctsoft.com/products/NCTAudioEditor2/
>
>
> "NCTAudioStudio is a package of 18 ActiveX Controls DLLs for work with
> audio data."
>
> Product Link:
> http://nctsoft.com/products/NCTAudioStudio2/
>
>
> "NCTDialogicVoice is a rapid application development tool for Dialogic
> voice boards."
>
> Product Link:
> http://nctsoft.com/products/NCTDialogicVoice2/
>
> ======================================================================
> 4) Description of Vulnerability
>
> Secunia Research has discovered a vulnerability in NCTAudioStudio,
> NCTAudioEditor, and NCTDialogicVoice, which can be exploited by
> malicious people to compromise a user's system.
>
> The vulnerability is caused due to a boundary error in the
> NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll) when
> handling the "SetFormatLikeSample()" method. This can be exploited to
> cause a stack-based buffer overflow by passing an overly long string
> (about 4124 bytes) as argument to the affected method.
>
> Successful exploitation allows execution of arbitrary code when a user
> e.g. visits a malicious website.
>
> ======================================================================
> 5) Solution
>
> Set the kill-bit for the affected ActiveX control.
>
> Use another product.
>
> ======================================================================
> 6) Time Table
>
> 03/01/2007 - Vendor notified.
> 10/01/2007 - Vendor notified again.
> 17/01/2007 - Other vendors using vulnerable component contacted.
> 24/01/2007 - Public disclosure.
>
> ======================================================================
> 7) Credits
>
> Discovered by Carsten Eiram, Secunia Research.
>
> ======================================================================
> 8) References
>
> The Common Vulnerabilities and Exposures (CVE) project has assigned
> CVE-2007-0018 for the vulnerability.
>
> ======================================================================
> 9) About Secunia
>
> Secunia offers vulnerability management solutions to corporate
> customers with verified and reliable vulnerability intelligence
> relevant to their specific system configuration:
>
> http://corporate.secunia.com/
>
> Secunia also provides a publicly accessible and comprehensive advisory
> database as a service to the security community and private
> individuals, who are interested in or concerned about IT-security.
>
> http://secunia.com/
>
> Secunia believes that it is important to support the community and to
> do active vulnerability research in order to aid improving the
> security and reliability of software in general:
>
> http://corporate.secunia.com/secunia_research/33/
>
> Secunia regularly hires new skilled team members. Check the URL below
> to see currently vacant positions:
>
> http://secunia.com/secunia_vacancies/
>
> Secunia offers a FREE mailing list called Secunia Security Advisories:
>
> http://secunia.com/secunia_security_advisories/
>
> ======================================================================
> 10) Verification
>
> Please verify this advisory by visiting the Secunia website:
> http://secunia.com/secunia_research/2007-2/
>
> Complete list of vulnerability reports published by Secunia Research:
> http://secunia.com/secunia_research/
>
> ======================================================================
>
>