Lucene search

[email protected]CVE-2008-0959

HistoryMay 29, 2008 - 4:32 p.m.

CVE-2008-0959

2008-05-2916:32:00

CWE-119

[email protected]

web.nvd.nist.gov

online media technologies

nctsoft

nctaudioinformation2

buffer overflow

cve-2008-0959

security vulnerability

remote code execution

activex control

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.366 Low

EPSS

Percentile

97.2%

JSON

Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors.

Affected configurations

NVD

Node

alivemediaalive_mp3_wav_converterMatch3.9.3.2

online_media_technologiesnctaudioeditor_activex_control

online_media_technologiesnctaudiostudio_activex_control

orion_studioscinematicmp3Match1.4.0.0

ussunpower_audio_cd_burnerMatch1.02

ussunpower_audio_cd_grabberMatch1.0

CPENameOperatorVersion
alivemedia:alive_mp3_wav_converteralivemedia alive mp3 wav convertereq3.9.3.2
online_media_technologies:nctaudioeditor_activex_controlonline media technologies nctaudioeditor activex controleq*
online_media_technologies:nctaudiostudio_activex_controlonline media technologies nctaudiostudio activex controleq*
orion_studios:cinematicmp3orion studios cinematicmp3eq1.4.0.0
ussun:power_audio_cd_burnerussun power audio cd burnereq1.02
ussun:power_audio_cd_grabberussun power audio cd grabbereq1.0

CPE	Name	Operator	Version
alivemedia:alive_mp3_wav_converter	alivemedia alive mp3 wav converter	eq	3.9.3.2
online_media_technologies:nctaudioeditor_activex_control	online media technologies nctaudioeditor activex control	eq	*
online_media_technologies:nctaudiostudio_activex_control	online media technologies nctaudiostudio activex control	eq	*
orion_studios:cinematicmp3	orion studios cinematicmp3	eq	1.4.0.0
ussun:power_audio_cd_burner	ussun power audio cd burner	eq	1.02
ussun:power_audio_cd_grabber	ussun power audio cd grabber	eq	1.0

References

secunia.com/advisories/30395

secunia.com/advisories/30415

secunia.com/advisories/30418

secunia.com/advisories/30419

secunia.com/advisories/30421

secunia.com/advisories/30445

secunia.com/advisories/30451

secunia.com/advisories/30452

secunia.com/advisories/30453

secunia.com/advisories/30454

secunia.com/advisories/30456

secunia.com/advisories/30457

secunia.com/advisories/30458

www.kb.cert.org/vuls/id/669265

www.vupen.com/english/advisories/2008/1669

exchange.xforce.ibmcloud.com/vulnerabilities/42680

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.366 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2008-0959

cert1 cvelist1 seebug2 prion1 nvd1