CVE-2008-4342

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
burnaware_technologiesburnaware
2.1.3:unknown
burnaware_technologiesburnaware
2.1.3:unknown
burnaware_technologiesburnaware
2.1.3:unknown
impressumcdburnerxp
4.2.1.976
numedia_softnumedia_dvd_burning_sdk
1.008
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://retrogod.altervista.org/9sg_numedia_xpl.html
http://secunia.com/advisories/31936
http://secunia.com/advisories/31949
http://secunia.com/advisories/31950
http://secunia.com/advisories/32455
http://www.securityfocus.com/archive/1/497831/100/0/threaded
http://www.securityfocus.com/bid/31374
http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq
http://www.vupen.com/english/advisories/2008/2663
https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
https://www.exploit-db.com/exploits/6491
http://retrogod.altervista.org/9sg_numedia_xpl.html
http://secunia.com/advisories/31936
http://secunia.com/advisories/31949
http://secunia.com/advisories/31950
http://secunia.com/advisories/32455
http://www.securityfocus.com/archive/1/497831/100/0/threaded
http://www.securityfocus.com/bid/31374
http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq
http://www.vupen.com/english/advisories/2008/2663
https://exchange.xforce.ibmcloud.com/vulnerabilities/45330
https://www.exploit-db.com/exploits/6491