Home/CVE/Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple prod
CVE

CVE-2007-0018

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple prod

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice.

(2) Magic Audio Recorder, Music Editor, and Audio Converter.

(3) Aurora Media Workshop.

DB Audio Mixer And Editor.

(4) J. Hepple Products including Fx Audio Editor and others.

(5) EXPStudio Audio Editor.

(6) iMesh.

(7) Quikscribe.

(8) RMBSoft AudioConvert and SoundEdit Pro 2.1.

(9) CDBurnerXP.

(10) Code-it Software Wave MP3 Editor and aBasic Editor.

(11) Movavi VideoMessage, DVD to iPod, and others.

(12) SoftDiv Software Dexster, iVideoMAX, and others.

(13) Sienzo Digital Music Mentor (DMM)

(14) MP3 Normalizer.

(15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter.

(16) Audio Edit Magic.

(17) Joshua Video and Audio Converter.

(18) Virtual CD.

(19) Cheetah CD and DVD Burner.

(20) Mystik Media AudioEdit Deluxe, Blaze Media, and others.

(21) Power Audio Editor.

(22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others.

(23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter.

(24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter.

(25) Easy Ringtone Maker.

(26) RecordNRip.

(27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others.

(28) MP3 WAV Converter.

(29) BearShare 6.0.2.26789.

and (30) Oracle Siebel SimBuilder and CRM 7.x.

HIGH · CVSS 9.3 EPSS 0.73809
Act now
  • EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
  • EPSS percentile: top 1% of all CVEs by exploitation likelihood
  • Metasploit module exists (rank: Normal)
  • Public exploit or PoC is available
  • CVSS base score ≥ 7.0
Sigma rules0 YARA rules0
Look this up elsewhere - one-click external pivots
NVDCVE.orgCISAVulnersExploit-DBGitHub PoCVulnCheck KEVGreyNoise
How to read a CVE - triage first, then detect and patch
This page is every public fact about CVE-2007-0018, cross-linked. Its job is to answer one question fast - does this need my attention now? - and then hand you the two things you do about it. Here is how an analyst reads it.
Triage: should I act now? Four signals, and they are not interchangeable:
CVSSseverity - how bad it is IF exploited, 0-10. A high CVSS alone is not urgency; a flaw can be a perfect 10 and never actually be attacked. EPSSprobability - a model’s estimate of the chance it is exploited in the next 30 days, 0-1. This is the “will it actually happen” signal. CISA KEVconfirmed - it is being exploited in the wild right now. The strongest signal on the page; KEV beats any score. Weaponisedavailability - public exploits / PoCs, and especially Metasploit modules rated Excellent / Great. Reliable, packaged exploit code means low-skill attackers can use it today.
How they combine: KEV, or a dependable Metasploit module, means patch now regardless of CVSS. High CVSS + low EPSS + no exploit is real but not an emergency - schedule it. Low CVSS but KEV-listed still gets patched now. The verdict above already weighed these for you; this is how it got there.
Then what - two workflows:
Detectwhen you cannot patch today, follow this CVE to the ATT&CK techniques it enables, then Build a SIEM detection (the green button) - author a rule, test it in Atomic, deploy it. That buys visibility while the patch waits. PatchAffected products / packages tell you if you are exposed; Fixed versions by distribution and Vendor advisories give the exact version that closes it.
Reading order for the panels below: verdict + badges, then Public exploits / Metasploit (is it weaponised), then ATT&CK techniques + Sigma / IDS rules (can I detect it), then Affected products / packages + Fixed versions (am I exposed, what patches it), then Threat actors / IOCs (who uses it), then Scoring & timeline / references (the evidence).

ATT&CK techniques

2

Techniques this CVE enables - linked via CWECAPECATT&CK. High◆ = named directly in ATT&CK or Nuclei templates.

T1190 · Exploit Public-Facing Application T1203 · Exploitation for Client Execution
▤ Build a SIEM detection for these techniques

CAPEC attack patterns

12

Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.

CAPEC-CAPEC-10 · Buffer Overflow via Environment Variables CAPEC-CAPEC-100 · Overflow Buffers CAPEC-CAPEC-123 · Buffer Manipulation CAPEC-CAPEC-14 · Client-side Injection-induced Buffer Overflow CAPEC-CAPEC-24 · Filter Failure through Buffer Overflow CAPEC-CAPEC-42 · MIME Conversion CAPEC-CAPEC-44 · Overflow Binary Resource File CAPEC-CAPEC-45 · Buffer Overflow via Symbolic Links CAPEC-CAPEC-46 · Overflow Variables and Tags CAPEC-CAPEC-47 · Buffer Overflow via Parameter Expansion CAPEC-CAPEC-8 · Buffer Overflow in an API Call CAPEC-CAPEC-9 · Buffer Overflow in Local Command-Line Utilities

Weakness Classification

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected Products & Versions

60
altdo convert mp3 masterall versions
altdo mp3 record and edit audio masterall versions
americanshareware mp3 wav converterall versions
audio edit magicall versions
bearshareall versions
cdburnerxp proall versions
cheetahburner cheetah cd burnerall versions
cheetahburner cheetah dvd burnerall versions

Public Exploits & PoCs

3
These PoC and exploit links come from public sources and are not verified to be safe or functional. Review the code before running anything, and treat unverified entries as untrusted.
remoteNCTAudioFile2 2.x - ActiveX Control 'SetFormatLikeSample()' Remote Buffer Overflow (Metasploit)verified
remoteMicrosoft Internet Explorer - NCTAudioFile2.AudioFile ActiveX Remote Stack Overflow (2)verified
remoteMicrosoft Internet Explorer - NCTAudioFile2.AudioFile ActiveX Remote Overflowverified

Metasploit Modules

1
Weaponised exploit modules in the Metasploit Framework. Rank is Metasploit’s reliability rating - Excellent/Great/Good means dependable, real-world exploit code (a strong “act now” signal), not a fragile PoC.
Normalexploit/windows/browser/nctaudiofile2_setformatlikesample2007-01-24

Scoring & Timeline

9.3
HIGH · CVSS v2 (legacy) · [email protected]
View on NVD
This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.
v2 Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Published to NVD24 Jan 2007 · 09:28 PM
🔗

References & Sources

80
Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.
http://secunia.com/advisories/22922
http://secunia.com/advisories/23475Vendor Advisory
http://secunia.com/advisories/23485Vendor Advisory
http://secunia.com/advisories/23493Vendor Advisory
http://secunia.com/advisories/23495Vendor Advisory
http://secunia.com/advisories/23511Vendor Advisory
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live statistics Live status Privacy policy Terms of service
threatengine.sh