NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability

BID:22196

Info

Bugtraq ID: 22196
Class: Boundary Condition Error
CVE: CVE-2007-0018
Remote: Yes
Local: No
Published: Jan 24 2007 12:00AM
Updated: Jul 31 2008 06:47PM
Credit: Secunia Research and Will Dormann of CERT/CC are credited with the discovery of this vulnerability.
Vulnerable: Xrlly Software Text to Speech Maker 1
Xrlly Software Arial Sound Recorder 1
Xrlly Software Arial Audio Converter 2
TEC Software TEC Sound Recorder 1.0
Stefan Haglund, Fredrik Haglund, Florian Schmitz CDBurner XP Pro 3
Stefan Haglund, Fredrik Haglund, Florian Schmitz CDBurner XP Pro 2
Stefan Bethge CDBurnerXP Pro 3.0.116
SoftDiv VIDEOzilla 2
SoftDiv Snosh 1
SoftDiv MP3 to WAV Converter 3
SoftDiv iVideoMAX 3
SoftDiv Dexster Audio Editor 3
SmartMedia Systems Power Audio Editor 11
Sienzo Digital Music Mentor 2
Roemersoftware Free Hi-Q Recorder 1.9
Roemersoftware Easy Hi-Q Recorder 2.0
Roemersoftware Easy Hi-Q Converter 1.7
RMBSoft AudioConvert 3.1.0.125
RMBSoft Audio Converter 3
Recordnrip RecordNRip 1
Quikscribe Recorder 5
Quikscribe Player 5
Plato Software Video Joiner 4.57
Plato Software DVD Creator 3.7
Oracle Siebel SimBuilder 7.8.5 build 2635
NextLevel Software Audio Studio Gold 7
NextLevel Software Audio Editor Gold 9
NextLevel Software Audio Editor Gold 0.2.5 Build 424
NCTsoft NCTDialogicVoice ActiveX DLL 2
NCTsoft NCTAudioStudio ActiveX DLL 2
NCTsoft NCTAudioEditor ActiveX DLL 2
Mystik Media ContextConvert Pro 3.1
Mystik Media Context Convert Pro 3
Mystik Media Blaze Media Pro 7
Mystik Media Blaze Media Pro 6
Mystik Media Blaze Media Convert 3.4
Mystik Media Blaze Media Convert 3
Mystik Media AudioEdit Deluxe 4.10
Mystik Media AudioEdit Deluxe 4
Mystik Media AudioEdit Deluxe 3
Musiclab BearShare 6.0.2 .26789
MP3-Soft MP3 Normalizer 1.03
Movavi VideoSuite 3
Movavi VideoMessage 1
Movavi Splitmovie 1
Movavi DVD to iPod 1
Movavi ConvertMovie 4
Movavi ConvertMovie 3
Movavi ChiliBurner 2
MightSOFT EZ Audio Server 2
MightSOFT Audio Editor Pro 2
McFunSoft Recording to iPod Solution 5
McFunSoft iPod Music Converter 5
McFunSoft iPod Audio Studio 6
McFunSoft Audio Studio 6
McFunSoft Audio Recorder for Free 6
McFunSoft Audio Editor 6
Magic Video Software Magic Music Editor 5
Magic Video Software Magic Audio Recorder 5
Magic Video Software Magic Audio Converter 8
Magic Software Magic Rm AVI Mpeg to MP3 Converter & Editor 2
Joshua Mediasoft Video Converter Plus 3.01
Joshua Mediasoft Audio Converter Plus 2.2
J. Hepple FX Video Converter 7
J. Hepple FX New Sound 5
J. Hepple FX Movie Splitter 6
J. Hepple FX Movie Joiner 6
J. Hepple FX Magic Music 5
J. Hepple FX Joiner and Splitter 6
J. Hepple FX ConCat Audio Joiner 1
J. Hepple FX Audio Tools 7
J. Hepple FX Audio Editor 4
iMesh iMesh 7
Hit-Recorder Hit-Recorder 2.2.3 7
Hit-Recorder Hit-Recorder 1.7 0
HiFi Software RM WMA Converter 2.70
HiFi Software RM WAV Converter 2.70
HiFi Software RM OGG Converter 2.70
HiFi Software RM MP3 Converter 2.70
HiFi Software RM Audio Converter 2.70
HiFi Software MP3 Audio Splitter Joiner 3.00
HiFi Software MP3 Audio Recorder Joiner 2.11
HiFi Software HiFi WMA Splitter Joiner 3.00
HiFi Software HiFi WMA Recorder Joiner 2.00
HiFi Software HiFi WAV Splitter Joiner 3.00
HiFi Software HiFi OGG Splitter Joiner 3.00
HiFi Software HiFi MP3 Recorder Joiner 2.00
HiFi Software CD To MP3 RM Ripper 1.70
H+H Software Virtual CD File Server 7
H+H Software Virtual CD 8
H+H Software Virtual CD 7
H+H Software Virtual CD 6
goodvdsoft.com Goo DVD To WMV Converter 1.00
goodvdsoft.com Goo DVD To WMA Converter 1.00
goodvdsoft.com Goo DVD To WAV Converter 1.00
goodvdsoft.com Goo DVD To Video Converter 1.00
goodvdsoft.com Goo DVD To RM Converter 1.00
goodvdsoft.com Goo DVD To OGG Converter 1.00
goodvdsoft.com Goo DVD To MPEG Converter 1.00
goodvdsoft.com Goo DVD To MP3 Converter 1.00
goodvdsoft.com Goo DVD To Audio Converter 1.00
goodvdsoft.com Easy DVD Converter 1.00
Focus Systems Focus MP3 Recorder Splitter 3.4
Focus Systems Focus MP3 Recorder Pro 3.4
Focus Systems Focus Audio Converter 3.2
Focus Systems Focus All CD/DVD Burner 2.1 .1
EXPStudio Audio Editor 4
Easy Ringtone Maker Easy Ringtone Maker 2
Digital Smart Digital Music Record Convert Burn Station 7.4.3.15
Digital Smart Digital Music Digital Edit Burn Studio 8.0.4.1
Digital Smart Digital Audio Editor 7.4.0.10
Digital Smart Digital Audio CD Burner 7.4.0.10
Digital Smart Audio Convert Master 7.4.0.10
Digital Borneo DB Audio Mixer and Editor 1.1
Digital Borneo DB Audio Mixer and Editor 1
DanDans Digital Media Visual Video Converter 4
DanDans Digital Media Music Editing Master 5
DanDans Digital Media Full Audio Converter 4
DanDans Digital Media Easy Audio Editor 7
Cool Audio Software Magic Music Studio Pro 7
Cool Audio Software Magic Audio Editor Pro 10
ColorfulSoft Colorful Music Editor 2.0
ColorfulSoft Colorful Audio Recorder 2.0
Color7 Technology Power Music Editor 7.4.0.10
Color7 Technology Music Fan's Factory 9.2.23
Code-it Software Wave MP3 Editor 10
Code-it Software RockN Audio 4
Code-it Software aBasic Editor 10.1
Code-it Software aBasic Editor 10
Cheetah Website Corporation DVD Burner 1.79
Cheetah Website Corporation DVD Burner 1
Cheetah Website Corporation CD Burner 3.56
Cheetah Website Corporation CD Burner 3
Aurora Software Aurora Media Workshop 3.3.25
Aurora Software Aurora Media Workshop 3
Audiotool.net Ease MP3 Recorder 1
AudioEditMagic Audio Edit Magic 9.2.3
AudioEditMagic Audio Edit Magic 9.2.3 389
Audio Tools Factory Vista MP3 Recorder 1.00
Arial Sound Recorder 1.4.3
Arial Audio Converter 2.3.40
AMW Gold Wave Editor 9.9
American Shareware Technologies MP3 WAV Converter 3
Altdo Software Mp3 Record&Edit Audio Master 1
Altdo Software Mp3 Record&Edit Audio Maste 1.2
Altdo Software Convert Mp3 Master 1.1
Altdo Software Altdo Convert Mp3 Master 1
ALO Software ALO RM to MP3 Converter 7.0
ALO Software ALO Audio Editor 3.2
Akram Software Akram Media Creator 1
Akram Software Akram Audio Editor 2
Akram Software Akram Audio Converter 5
Absolute Software Video to Audio Converter 2.7.9
Absolute Software Sound Recorder 3.4.5
Absolute Software MP3 Splitter 2.5.4
Absolute Software Absolute Video to Audio Converter 2
Absolute Software Absolute Sound Recorder 3
Absolute Software Absolute MP3 Splitter 2
A-one Software Video To Audio 4.42
A-one Software Video Joiner 4.75
A-one Software DVD Creator 5.72
Not Vulnerable:

Discussion

NCTsoft NCTAudioFile2 ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

NCTAudioEditor is a collection of ActiveX controls for manipulating audio data. Numerous audio software products use the vulnerable 'NCTAudioFile2.AudioFile' ActiveX component.

NCTAudioStudio 2.7.1, NCTAudioEditor 2.7.1, and NCTDialogicVoice 2.7.1 are affected by this vulnerability; other versions may be affected as well.

NOTE: Please see the vulnerable systems section for third-party products that are affected because they depend on this ActiveX control.

Exploit / POC

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The Symantec DeepSight Team has discovered that this issue is being exploited in the wild by the updated version of Trojan.Peacomm.

The following exploits are available:

Solution / Fix

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
