CVE-2008-4342

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://retrogod.altervista.org/9sg_numedia_xpl.html	Exploit
http://secunia.com/advisories/31936	Vendor Advisory
http://secunia.com/advisories/31949	Vendor Advisory
http://secunia.com/advisories/31950	Vendor Advisory
http://secunia.com/advisories/32455	Vendor Advisory
http://www.securityfocus.com/archive/1/497831/100/0/threaded
http://www.securityfocus.com/bid/31374	Exploit
http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq	Exploit URL Repurposed
http://www.vupen.com/english/advisories/2008/2663	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
https://www.exploit-db.com/exploits/6491
http://retrogod.altervista.org/9sg_numedia_xpl.html	Exploit
http://secunia.com/advisories/31936	Vendor Advisory
http://secunia.com/advisories/31949	Vendor Advisory
http://secunia.com/advisories/31950	Vendor Advisory
http://secunia.com/advisories/32455	Vendor Advisory
http://www.securityfocus.com/archive/1/497831/100/0/threaded
http://www.securityfocus.com/bid/31374	Exploit
http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq	Exploit URL Repurposed
http://www.vupen.com/english/advisories/2008/2663	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
https://www.exploit-db.com/exploits/6491

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:free:::::*
	cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:home:::::*
	cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:professional:::::*
	cpe:2.3:a:impressum:cdburnerxp:4.2.1.976:::::::*
	cpe:2.3:a:numedia_soft:numedia_dvd_burning_sdk:1.008:::::::*

History

21 Nov 2024, 00:51

Type	Values Removed	Values Added
References	~~() http://retrogod.altervista.org/9sg_numedia_xpl.html - Exploit~~	() http://retrogod.altervista.org/9sg_numedia_xpl.html - Exploit
References	~~() http://secunia.com/advisories/31936 - Vendor Advisory~~	() http://secunia.com/advisories/31936 - Vendor Advisory
References	~~() http://secunia.com/advisories/31949 - Vendor Advisory~~	() http://secunia.com/advisories/31949 - Vendor Advisory
References	~~() http://secunia.com/advisories/31950 - Vendor Advisory~~	() http://secunia.com/advisories/31950 - Vendor Advisory
References	~~() http://secunia.com/advisories/32455 - Vendor Advisory~~	() http://secunia.com/advisories/32455 - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/497831/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/497831/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/31374 - Exploit~~	() http://www.securityfocus.com/bid/31374 - Exploit
References	~~() http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq - Exploit, URL Repurposed~~	() http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq - Exploit, URL Repurposed
References	~~() http://www.vupen.com/english/advisories/2008/2663 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2008/2663 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/45330 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/45330 -
References	~~() https://www.exploit-db.com/exploits/6491 -~~	() https://www.exploit-db.com/exploits/6491 -

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(MISC) http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq - Exploit~~	(MISC) http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq - Exploit, URL Repurposed

Information

Published : 2008-09-30 17:22

Updated : 2025-04-09 00:30

NVD link : CVE-2008-4342

Mitre link : CVE-2008-4342

CVE.ORG link : CVE-2008-4342

JSON object : View

Products Affected

impressum

cdburnerxp

numedia_soft

numedia_dvd_burning_sdk

burnaware_technologies

burnaware

CWE

CWE-20

Improper Input Validation

9.3 /10