CVE-2007-3400
published 2007-06-26CVE-2007-3400: The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite…
PriorityP343critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
3.64%
88.2th percentile
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| nctsoft | nctaudioeditor | — | — |
| nctsoft | nctaudiostudio | — | — |
| nctsoft_products | nctaudiostudio | — | — |
| nctsoft_products | nctwavchunkseditor2.dll | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xp3w-m47v-rv5p: A certain ActiveX control in NCTWavChunksEditor2
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-3493 [CRITICAL] GHSA-xp3w-m47v-rv5p: A certain ActiveX control in NCTWavChunksEditor2
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.
GHSA
GHSA-25x2-3h45-fchh: The NCTAudioEditor2 ActiveX control in NCTWMAFile2
ghsa_unreviewed·2022-05-01
CVE-2007-3400 [HIGH] CWE-20 GHSA-25x2-3h45-fchh: The NCTAudioEditor2 ActiveX control in NCTWMAFile2
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.
No detection rules found.
Exploit-DB
NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write
exploitdb·2007-06-25
CVE-2007-3400 NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write
NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write
---
NCTAudioEditor2 ActiveX DLL (NCTWMAFile2.dll v. 2.6.2.157) "CreateFile()"Insecure Method
url: http://www.nctsoft.com/products/NCTAudioEditor2/
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
This was written for educational purpose. Use it at your own risk.
Author will be not be responsible for any damage.
THE EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF
IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
all software that use this ocx (for example Sienzo DMM) are vulnerable to this exploits.
Time Table: 2007/20/06 -> Bug discovered
2007/20/06 -> Vendor notified by m
Exploit-DB
Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
exploitdb·2007-01-29
CVE-2007-0467 Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
---
#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre
# Lance M. Havok
# All pwnage reserved.
#
# 1) Stop crashdump from writing to ~/Library/Logs via chmod 000 ~/Library/Logs/CrashReporter
# 2) Make symlink to /Library/Logs/CrashReporter/knownprog.crash.log
# 3) Create a program with a modified __LINKEDIT segment that influences crashreporter output
#
# 0000320: 3800 0000 5f5f 4c49 4e4b 4544 4954 0000 8...__LINKEDIT..
# 0000330: 0000 0000 0040 0000 0010 0000 0030 0000 [email protected]..
# 0000340: 2004 0000 0300 0000 0100 0000 0000 0000 ...............
# 0000350: 0400 0000 0e00 0000 1c00 0000 0c00 0000 ................
# 0000360: 2f75 7372 2f6c 6962 2f64 796c 6400 0000 /usr/lib/dyld...
# 0000370: 0c00 0000 3400 000
No writeups or analysis indexed.
http://osvdb.org/37674http://secunia.com/advisories/25825http://www.securityfocus.com/bid/24613http://www.vupen.com/english/advisories/2007/2351https://exchange.xforce.ibmcloud.com/vulnerabilities/35018https://www.exploit-db.com/exploits/4101http://osvdb.org/37674http://secunia.com/advisories/25825http://www.securityfocus.com/bid/24613http://www.vupen.com/english/advisories/2007/2351https://exchange.xforce.ibmcloud.com/vulnerabilities/35018https://www.exploit-db.com/exploits/4101
2007-06-26
Published