CVE-2008-4342 - OpenCVE

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Burnaware Technologies	Burnaware
Impressum	Cdburnerxp
Numedia Soft	Numedia Dvd Burning Sdk

Configuration 1 [-]

OR	cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:free:::::*
	cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:home:::::*
	cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:professional:::::*
	cpe:2.3:a:impressum:cdburnerxp:4.2.1.976:::::::*
	cpe:2.3:a:numedia_soft:numedia_dvd_burning_sdk:1.008:::::::*

References

Link	Resource
http://retrogod.altervista.org/9sg_numedia_xpl.html	Exploit
http://secunia.com/advisories/31936	Vendor Advisory
http://secunia.com/advisories/31949	Vendor Advisory
http://secunia.com/advisories/31950	Vendor Advisory
http://secunia.com/advisories/32455	Vendor Advisory
http://www.securityfocus.com/archive/1/497831/100/0/threaded
http://www.securityfocus.com/bid/31374	Exploit
http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq	Exploit URL Repurposed
http://www.vupen.com/english/advisories/2008/2663	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
https://www.exploit-db.com/exploits/6491

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-30T17:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-09-30T00:00:00

Link: CVE-2008-4342

JSON object: View

NVD Information

Status : Modified

Published: 2008-09-30T17:22:09.507

Modified: 2024-02-14T01:17:43.863

Link: CVE-2008-4342

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-19T00:00:00", "descriptions": [{"lang": "en", "value": "NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "31936", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31936"}, {"tags": ["x_refsource_MISC"], "url": "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq"}, {"name": "6491", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6491"}, {"name": "ADV-2008-2663", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2663"}, {"name": "20081027 Blaze Media Pro 8.02 SE vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/497831/100/0/threaded"}, {"name": "nmsdvdburning-nmsdvdx-file-overwrite(45330)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45330"}, {"name": "32455", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32455"}, {"name": "31949", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31949"}, {"name": "31374", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31374"}, {"tags": ["x_refsource_MISC"], "url": "http://retrogod.altervista.org/9sg_numedia_xpl.html"}, {"name": "31950", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31950"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4342", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "31936", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31936"}, {"name": "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq", "refsource": "MISC", "url": "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq"}, {"name": "6491", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6491"}, {"name": "ADV-2008-2663", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2663"}, {"name": "20081027 Blaze Media Pro 8.02 SE vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497831/100/0/threaded"}, {"name": "nmsdvdburning-nmsdvdx-file-overwrite(45330)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45330"}, {"name": "32455", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32455"}, {"name": "31949", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31949"}, {"name": "31374", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31374"}, {"name": "http://retrogod.altervista.org/9sg_numedia_xpl.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/9sg_numedia_xpl.html"}, {"name": "31950", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31950"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4342", "datePublished": "2008-09-30T17:00:00", "dateReserved": "2008-09-30T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:free:*:*:*:*:*", "matchCriteriaId": "68B389E7-BC30-4955-826F-C391031ED019", "vulnerable": true}, {"criteria": "cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:home:*:*:*:*:*", "matchCriteriaId": "FFCB0E22-3CA2-4785-882E-C63F17B7F731", "vulnerable": true}, {"criteria": "cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:professional:*:*:*:*:*", "matchCriteriaId": "2545356E-7888-42FA-A5A5-A7C63C4B953D", "vulnerable": true}, {"criteria": "cpe:2.3:a:impressum:cdburnerxp:4.2.1.976:*:*:*:*:*:*:*", "matchCriteriaId": "0CF01099-9B7D-478C-BC6F-283930174F91", "vulnerable": true}, {"criteria": "cpe:2.3:a:numedia_soft:numedia_dvd_burning_sdk:1.008:*:*:*:*:*:*:*", "matchCriteriaId": "FF824977-059F-45C0-8B36-C058FDBB6376", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs."}, {"lang": "es", "value": "El control ActiveX de NMSDVDX.DVDEngineX.1 (biblioteca NMSDVDX.dll) de NuMedia Soft NMS DVD Burning SDK Activex versi\u00f3n 1.013C y anteriores, tal como es usado en CDBurnerXP versi\u00f3n 4.2.1.976, BurnAware versi\u00f3n 2.1.3, Blaze Media Pro versi\u00f3n 8.02 Edici\u00f3n Especial, y posiblemente otros productos, permite a los atacantes remotos sobrescribir y crear archivos arbitrarios por medio de llamadas a los m\u00e9todos EnableLog y LogMessage. NOTA: este problema solo podr\u00eda ser explotable en entornos limitados o configuraciones de navegador no predeterminadas. NOTA: algunos de estos detalles son obtenidos de informaci\u00f3n de terceros. NOTA: esto puede ser aprovechado para la ejecuci\u00f3n de c\u00f3digo remota mediante el acceso a archivos usando las URL hcp://."}], "id": "CVE-2008-4342", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-09-30T17:22:09.507", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://retrogod.altervista.org/9sg_numedia_xpl.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31936"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31949"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31950"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32455"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497831/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31374"}, {"source": "cve@mitre.org", "tags": ["Exploit", "URL Repurposed"], "url": "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2663"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45330"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6491"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}