CVE-2007-3400

Nctsoft Nctaudioeditor - Improper Input Validation

Title source: rule

Description

The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4101

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/37674

[Exploit] http://www.securityfocus.com/bid/24613

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4101

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35018

[Vendor Advisory] http://secunia.com/advisories/25825

[Vendor Advisory] http://www.vupen.com/english/advisories/2007/2351

Scores

EPSS 0.1034

EPSS Percentile 93.2%

Details

CWE

CWE-20

Status published

Products (2)

nctsoft/nctaudioeditor _nil_

nctsoft/nctaudiostudio 2.7

Published Jun 26, 2007

Tracked Since Feb 18, 2026