Secunia Research has discovered a vulnerability in NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the NCTAudioFile2.
AudioFile ActiveX control (NCTAudioFile2.dll) when handling the "SetFormatLikeSample()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method.
Successful exploitation allows execution of arbitrary code.
--------------------------------------------
As it turns out, this ActiveX Control is used in over 70 applications...therefore this vulnerability just became a lot more serious. Welcome to the world of ActiveX, thank you...drive thru.
Major Pwnage.
No comments:
Post a Comment