NCTsoft.NCTAudioFile2.ActiveX.Control.Buffer.Overflow
Description
This indicates an attempt to exploit a stack-based buffer-overflow vulnerability in products that use the NCTAudioFile2 ActiveX control.
The vulnerability is due to the SetFormatLikeSample() function's inability to properly handle overly long strings that are passed to it. A remote attacker could exploit this to execute arbitrary code.
Affected Products
NCTAudioEditor ActiveX version 2.7.1 and prior.
NCTAudioStudio ActiveX version 2.7.1 and prior.
NCTDialogicVoice ActiveX version 2.7.1 and prior.
Impact
Gain Access.
Recommended Actions
The vendor has not supplied any patches for this issue as of this writing.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-07-23 | 14.657 | Sig Added |