Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4342

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4342
Last Modified 31 Aug 2011 12:00:00
Published 30 Sep 2008 01:22:09
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4342

Summary

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

Vulnerable Systems

Application

  • Burnaware Technologies Burnaware 2.1.3

  • Impressum Cdburnerxp 4.2.1.976

  • Numedia Soft Numedia Dvd Burning Sdk 1.008


References

XF - nmsdvdburning-nmsdvdx-file-overwrite(45330)

VUPEN - ADV-2008-2663

MISC - http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq

BID - 31374

BUGTRAQ - 20081027 Blaze Media Pro 8.02 SE vulnerability

MILW0RM - 6491

SECUNIA - 32455

SECUNIA - 31950

SECUNIA - 31949

SECUNIA - 31936

MISC - http://retrogod.altervista.org/9sg_numedia_xpl.html


Last Updated: 27 May 2016 10:48:28