Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3493 — Products Nctaudiostudio vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

45.2%

top 2.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer Nctsoft Products Nctaudiostudio Nctsoft Products Nctwavchunkseditor2.dll

Timeline

PublishedJun 29

Latest updateMay 1

Description

A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDnctsoft_products/nctaudiostudio2.7

▶NVDnctsoft_products/nctwavchunkseditor2.dll2.6.1.148

▶NVDmicrosoft/internet_explorer7.0

🔴Vulnerability Details

GHSA

GHSA-xp3w-m47v-rv5p: A certain ActiveX control in NCTWavChunksEditor2↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method↗2007-06-26

▶