CVE-2008-0959 - OpenCVE

Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Online Media Technologies	Nctaudiostudio Activex Control Nctaudioeditor Activex Control
Ussun	Power Audio Cd Grabber Power Audio Cd Burner
Orion Studios	Cinematicmp3
Alivemedia	Alive Mp3 Wav Converter

Configuration 1 [-]

OR	cpe:2.3:a:alivemedia:alive_mp3_wav_converter:3.9.3.2:::::::*
	cpe:2.3:a:online_media_technologies:nctaudioeditor_activex_control::::::::
	cpe:2.3:a:online_media_technologies:nctaudiostudio_activex_control::::::::
	cpe:2.3:a:orion_studios:cinematicmp3:1.4.0.0:::::::*
	cpe:2.3:a:ussun:power_audio_cd_burner:1.02:::::::*
	cpe:2.3:a:ussun:power_audio_cd_grabber:1.0:::::::*

References

Link	Resource
http://secunia.com/advisories/30395
http://secunia.com/advisories/30415	Vendor Advisory
http://secunia.com/advisories/30418
http://secunia.com/advisories/30419
http://secunia.com/advisories/30421
http://secunia.com/advisories/30445
http://secunia.com/advisories/30451
http://secunia.com/advisories/30452
http://secunia.com/advisories/30453
http://secunia.com/advisories/30454
http://secunia.com/advisories/30456
http://secunia.com/advisories/30457
http://secunia.com/advisories/30458
http://www.kb.cert.org/vuls/id/669265	US Government Resource
http://www.vupen.com/english/advisories/2008/1669
https://exchange.xforce.ibmcloud.com/vulnerabilities/42680

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2008-05-29T16:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-02-25T00:00:00

Link: CVE-2008-0959

JSON object: View

NVD Information

Status : Modified

Published: 2008-05-29T16:32:00.000

Modified: 2017-08-08T01:29:47.417

Link: CVE-2008-0959

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "30395", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30395"}, {"name": "30419", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30419"}, {"name": "nctaudiostudio-nctaudioinformation2-bo(42680)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42680"}, {"name": "VU#669265", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/669265"}, {"name": "30451", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30451"}, {"name": "ADV-2008-1669", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1669"}, {"name": "30418", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30418"}, {"name": "30454", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30454"}, {"name": "30445", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30445"}, {"name": "30421", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30421"}, {"name": "30457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30457"}, {"name": "30453", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30453"}, {"name": "30415", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30415"}, {"name": "30458", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30458"}, {"name": "30452", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30452"}, {"name": "30456", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30456"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2008-0959", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30395", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30395"}, {"name": "30419", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30419"}, {"name": "nctaudiostudio-nctaudioinformation2-bo(42680)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42680"}, {"name": "VU#669265", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/669265"}, {"name": "30451", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30451"}, {"name": "ADV-2008-1669", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1669"}, {"name": "30418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30418"}, {"name": "30454", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30454"}, {"name": "30445", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30445"}, {"name": "30421", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30421"}, {"name": "30457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30457"}, {"name": "30453", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30453"}, {"name": "30415", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30415"}, {"name": "30458", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30458"}, {"name": "30452", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30452"}, {"name": "30456", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30456"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2008-0959", "datePublished": "2008-05-29T16:00:00", "dateReserved": "2008-02-25T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alivemedia:alive_mp3_wav_converter:3.9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "25BC6A2A-67DE-4918-B6ED-E1B636559D20", "vulnerable": true}, {"criteria": "cpe:2.3:a:online_media_technologies:nctaudioeditor_activex_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "09278FE6-820B-4D31-9665-DB539BB23BBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:online_media_technologies:nctaudiostudio_activex_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F7078A0-94D6-42F4-B413-AFA7C966AA87", "vulnerable": true}, {"criteria": "cpe:2.3:a:orion_studios:cinematicmp3:1.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D92263D-7282-427F-8C93-EAF55990493D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ussun:power_audio_cd_burner:1.02:*:*:*:*:*:*:*", "matchCriteriaId": "E5442CA4-4185-414D-BADF-659FDC157B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ussun:power_audio_cd_grabber:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDDACACA-B499-435F-AB3A-97545B082A98", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de bufer basados en pila en el control ActiveX Online Media Technologies NCTSoft NCTAudioInformation2 en NCTAudioInformation2.dll, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "id": "CVE-2008-0959", "lastModified": "2017-08-08T01:29:47.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-05-29T16:32:00.000", "references": [{"source": "cret@cert.org", "url": "http://secunia.com/advisories/30395"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30415"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30418"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30419"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30421"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30445"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30451"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30452"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30453"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30454"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30456"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30457"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/30458"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/669265"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2008/1669"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42680"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}