Release DateDec 24, 2011 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a stack based Buffer Overflow vulnerability in products that uses NCTAudioFile2 ActiveX control.The vulnerability is due to the SetFormatLikeSample() function's inability to properly handle overly long strings that are passed to it. A remote attacker could exploit this to execute arbitrary code. |
Affected ProductsNCTAudioEditor ActiveX version 2.7.1 and priorNCTAudioStudio ActiveX version 2.7.1 and prior NCTDialogicVoice ActiveX version 2.7.1 and prior |
Recommended ActionsCurrently we are not aware of any vendor supplied patch for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-0018 |
Reference/shttp://www.frsirt.com/english/advisories/2007/0310 (FrSIRT)http://www.securityfocus.com/bid/22196 (BugTraq) http://xforce.iss.net/xforce/xfdb/31707 http://secunia.com/secunia_research/2007-2/advisory/ http://www.kb.cert.org/vuls/id/292713 http://milw0rm.org/exploits/6175 |
