{ "id": "CVE-2008-4342", "sourceIdentifier": "cve@mitre.org", "published": "2008-09-30T17:22:09.507", "lastModified": "2018-10-11T20:51:40.553", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs." }, { "lang": "es", "value": "El control ActiveX de NMSDVDX.DVDEngineX.1 (biblioteca NMSDVDX.dll) de NuMedia Soft NMS DVD Burning SDK Activex versi\u00f3n 1.013C y anteriores, tal como es usado en CDBurnerXP versi\u00f3n 4.2.1.976, BurnAware versi\u00f3n 2.1.3, Blaze Media Pro versi\u00f3n 8.02 Edici\u00f3n Especial, y posiblemente otros productos, permite a los atacantes remotos sobrescribir y crear archivos arbitrarios por medio de llamadas a los m\u00e9todos EnableLog y LogMessage. NOTA: este problema solo podr\u00eda ser explotable en entornos limitados o configuraciones de navegador no predeterminadas. NOTA: algunos de estos detalles son obtenidos de informaci\u00f3n de terceros. NOTA: esto puede ser aprovechado para la ejecuci\u00f3n de c\u00f3digo remota mediante el acceso a archivos usando las URL hcp://." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3 }, "baseSeverity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:free:*:*:*:*:*", "matchCriteriaId": "68B389E7-BC30-4955-826F-C391031ED019" }, { "vulnerable": true, "criteria": "cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:home:*:*:*:*:*", "matchCriteriaId": "FFCB0E22-3CA2-4785-882E-C63F17B7F731" }, { "vulnerable": true, "criteria": "cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:professional:*:*:*:*:*", "matchCriteriaId": "2545356E-7888-42FA-A5A5-A7C63C4B953D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:impressum:cdburnerxp:4.2.1.976:*:*:*:*:*:*:*", "matchCriteriaId": "0CF01099-9B7D-478C-BC6F-283930174F91" }, { "vulnerable": true, "criteria": "cpe:2.3:a:numedia_soft:numedia_dvd_burning_sdk:1.008:*:*:*:*:*:*:*", "matchCriteriaId": "FF824977-059F-45C0-8B36-C058FDBB6376" } ] } ] } ], "references": [ { "url": "http://retrogod.altervista.org/9sg_numedia_xpl.html", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.securityfocus.com/archive/1/497831/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/31374", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.vupen.com/english/advisories/2008/2663", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45330", "source": "cve@mitre.org" }, { "url": "https://www.exploit-db.com/exploits/6491", "source": "cve@mitre.org" } ] }