CVE-2007-3493

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2007-3493
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2007-06-29 18:30:00 UTC
Updated2021-07-23 15:05:00 UTC
DescriptionA certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Microsoft Ie 7.0 All All All
Application Microsoft Ie 7.0 All All All
Application Microsoft Internet Explorer 7.0 All All All
Operating System Microsoft Windows Xp All sp2 All All
Operating System Microsoft Windows Xp All sp2 All All
Application Nctsoft Products Nctaudiostudio 2.7 All All All
Application Nctsoft Products Nctaudiostudio 2.7 All All All
Application Nctsoft Products Nctwavchunkseditor2.dll 2.6.1.148 All All All
Application Nctsoft Products Nctwavchunkseditor2.dll 2.6.1.148 All All All

References

ReferenceSourceLinkTags
shinnai.altervista.org MISC www.shinnai.altervista.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH VUPEN www.vupen.com
NCTAudioStudio2 ActiveX Control NCTWavChunksEditor.DLL Arbitrary File Overwrite Vulnerability BID www.securityfocus.com
NCTAudioStudio NCTWavChunksEditor2 ActiveX Control "CreateFile()" Insecure Method - Secunia.com SECUNIA secunia.com Vendor Advisory
IBM X-Force Exchange XF exchange.xforce.ibmcloud.com
shinnai.altervista.org MISC www.shinnai.altervista.org
NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method - Windows remote Exploit EXPLOIT-DB www.exploit-db.com
37673 OSVDB osvdb.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report