CVE-2008-4342

Burnaware - Improper Input Validation

Title source: rule

Description

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · htmlremotewindows

https://www.exploit-db.com/exploits/6491

View Code ZIP pw:eip

References (11)

[Vendor Advisory] http://secunia.com/advisories/31936

[Exploit, URL Repurposed] http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6491

[Vendor Advisory] http://www.vupen.com/english/advisories/2008/2663

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497831/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45330

[Vendor Advisory] http://secunia.com/advisories/32455

[Vendor Advisory] http://secunia.com/advisories/31949

[Exploit] http://www.securityfocus.com/bid/31374

[Exploit] http://retrogod.altervista.org/9sg_numedia_xpl.html

[Vendor Advisory] http://secunia.com/advisories/31950

Scores

EPSS 0.2124

EPSS Percentile 95.7%

Details

CWE

CWE-20

Status published

Products (3)

burnaware_technologies/burnaware 2.1.3 unknown (3 CPE variants)

impressum/cdburnerxp 4.2.1.976

numedia_soft/numedia_dvd_burning_sdk 1.008

Published Sep 30, 2008

Tracked Since Feb 18, 2026