Intrusion Prevention

NCTsoft.NCTAudioFile2.ActiveX.Control.Buffer.Overflow

Description

This indicates an attempt to exploit a stack-based buffer-overflow vulnerability in products that use the NCTAudioFile2 ActiveX control.
The vulnerability is due to the SetFormatLikeSample() function's inability to properly handle overly long strings that are passed to it. A remote attacker could exploit this to execute arbitrary code.

Affected Products

NCTAudioEditor ActiveX version 2.7.1 and prior.
NCTAudioStudio ActiveX version 2.7.1 and prior.
NCTDialogicVoice ActiveX version 2.7.1 and prior.

Impact

Gain Access.

Recommended Actions

The vendor has not supplied any patches for this issue as of this writing.

CVE References

CVE-2007-0018