CVE-2007-3493

NCTAudioStudio <2.7 - Path Traversal

Title source: llm

Description

A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4109

View Code ZIP pw:eip

References (8)

[Various Sources] http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35081

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4109

[Third Party Advisory, VDB Entry] http://osvdb.org/37673

[Vendor Advisory] http://secunia.com/advisories/25851

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24656

[Various Sources] http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2351

Scores

EPSS 0.4523

EPSS Percentile 97.6%

Details

Status published

Products (3)

microsoft/internet_explorer 7.0

nctsoft_products/nctaudiostudio 2.7

nctsoft_products/nctwavchunkseditor2.dll 2.6.1.148

Published Jun 29, 2007

Tracked Since Feb 18, 2026