CVE-2008-4342

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://retrogod.altervista.org/9sg_numedia_xpl.html	Exploit
http://secunia.com/advisories/31936	Vendor Advisory
http://secunia.com/advisories/31949	Vendor Advisory
http://secunia.com/advisories/31950	Vendor Advisory
http://secunia.com/advisories/32455	Vendor Advisory
http://www.securityfocus.com/archive/1/497831/100/0/threaded
http://www.securityfocus.com/bid/31374	Exploit
http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq	Exploit URL Repurposed
http://www.vupen.com/english/advisories/2008/2663	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
https://www.exploit-db.com/exploits/6491

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:free:::::*
	cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:home:::::*
	cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:professional:::::*
	cpe:2.3:a:impressum:cdburnerxp:4.2.1.976:::::::*
	cpe:2.3:a:numedia_soft:numedia_dvd_burning_sdk:1.008:::::::*

History

No history.

Information

Published : 2008-09-30 17:22

Updated : 2024-02-14 01:17

NVD link : CVE-2008-4342

Mitre link : CVE-2008-4342

CVE.ORG link : CVE-2008-4342

JSON object : View

Products Affected

impressum

cdburnerxp

numedia_soft

numedia_dvd_burning_sdk

burnaware_technologies

burnaware

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2008-4342", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-09-30T17:22:09.507", "references": [{"url": "http://retrogod.altervista.org/9sg_numedia_xpl.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31936", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31949", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31950", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32455", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/497831/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31374", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq", "tags": ["Exploit", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2663", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45330", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6491", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs."}, {"lang": "es", "value": "El control ActiveX de NMSDVDX.DVDEngineX.1 (biblioteca NMSDVDX.dll) de NuMedia Soft NMS DVD Burning SDK Activex versi\u00f3n 1.013C y anteriores, tal como es usado en CDBurnerXP versi\u00f3n 4.2.1.976, BurnAware versi\u00f3n 2.1.3, Blaze Media Pro versi\u00f3n 8.02 Edici\u00f3n Especial, y posiblemente otros productos, permite a los atacantes remotos sobrescribir y crear archivos arbitrarios por medio de llamadas a los m\u00e9todos EnableLog y LogMessage. NOTA: este problema solo podr\u00eda ser explotable en entornos limitados o configuraciones de navegador no predeterminadas. NOTA: algunos de estos detalles son obtenidos de informaci\u00f3n de terceros. NOTA: esto puede ser aprovechado para la ejecuci\u00f3n de c\u00f3digo remota mediante el acceso a archivos usando las URL hcp://."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:free:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68B389E7-BC30-4955-826F-C391031ED019"}, {"criteria": "cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:home:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFCB0E22-3CA2-4785-882E-C63F17B7F731"}, {"criteria": "cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:professional:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2545356E-7888-42FA-A5A5-A7C63C4B953D"}, {"criteria": "cpe:2.3:a:impressum:cdburnerxp:4.2.1.976:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CF01099-9B7D-478C-BC6F-283930174F91"}, {"criteria": "cpe:2.3:a:numedia_soft:numedia_dvd_burning_sdk:1.008:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF824977-059F-45C0-8B36-C058FDBB6376"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}