CVE-2008-4342

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-4342
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://retrogod.altervista.org/9sg_numedia_xpl.html Exploit
http://secunia.com/advisories/31936 Vendor Advisory
http://secunia.com/advisories/31949 Vendor Advisory
http://secunia.com/advisories/31950 Vendor Advisory
http://secunia.com/advisories/32455 Vendor Advisory
http://www.securityfocus.com/archive/1/497831/100/0/threaded
http://www.securityfocus.com/bid/31374 Exploit
http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq Exploit URL Repurposed
http://www.vupen.com/english/advisories/2008/2663 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
https://www.exploit-db.com/exploits/6491
http://retrogod.altervista.org/9sg_numedia_xpl.html Exploit
http://secunia.com/advisories/31936 Vendor Advisory
http://secunia.com/advisories/31949 Vendor Advisory
http://secunia.com/advisories/31950 Vendor Advisory
http://secunia.com/advisories/32455 Vendor Advisory
http://www.securityfocus.com/archive/1/497831/100/0/threaded
http://www.securityfocus.com/bid/31374 Exploit
http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq Exploit URL Repurposed
http://www.vupen.com/english/advisories/2008/2663 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
https://www.exploit-db.com/exploits/6491
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:free:*:*:*:*:*
cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:home:*:*:*:*:*
cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:professional:*:*:*:*:*
cpe:2.3:a:impressum:cdburnerxp:4.2.1.976:*:*:*:*:*:*:*
cpe:2.3:a:numedia_soft:numedia_dvd_burning_sdk:1.008:*:*:*:*:*:*:*
History

21 Nov 2024, 00:51

Type Values Removed Values Added
References () http://retrogod.altervista.org/9sg_numedia_xpl.html - Exploit () http://retrogod.altervista.org/9sg_numedia_xpl.html - Exploit
References () http://secunia.com/advisories/31936 - Vendor Advisory () http://secunia.com/advisories/31936 - Vendor Advisory
References () http://secunia.com/advisories/31949 - Vendor Advisory () http://secunia.com/advisories/31949 - Vendor Advisory
References () http://secunia.com/advisories/31950 - Vendor Advisory () http://secunia.com/advisories/31950 - Vendor Advisory
References () http://secunia.com/advisories/32455 - Vendor Advisory () http://secunia.com/advisories/32455 - Vendor Advisory
References () http://www.securityfocus.com/archive/1/497831/100/0/threaded - () http://www.securityfocus.com/archive/1/497831/100/0/threaded -
References () http://www.securityfocus.com/bid/31374 - Exploit () http://www.securityfocus.com/bid/31374 - Exploit
References () http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq - Exploit, URL Repurposed () http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq - Exploit, URL Repurposed
References () http://www.vupen.com/english/advisories/2008/2663 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/2663 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/45330 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/45330 -
References () https://www.exploit-db.com/exploits/6491 - () https://www.exploit-db.com/exploits/6491 -

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq - Exploit () http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq - Exploit, URL Repurposed
Information

Published : 2008-09-30 17:22

Updated : 2024-11-21 00:51

NVD link : CVE-2008-4342

Mitre link : CVE-2008-4342

CVE.ORG link : CVE-2008-4342

JSON object : View

Products Affected

impressum

  • cdburnerxp

burnaware_technologies

  • burnaware

numedia_soft

  • numedia_dvd_burning_sdk
CWE
CWE-20

Improper Input Validation