The Online Media Technologies NCTsoft NCTAudioFile2 ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Online Media Technologies NCTsoft provides an ActiveX control called NCTAudioFile2. This control is provided by the file NCTAudioFile2.dll. The NCTAudioFile2 ActiveX control is included with several applications, including, but not limited to:
By convincing a victim to view an HTML document (web page, HTML email, or email attachment), an attacker could run arbitrary code with the privileges of the user running IE.
Disable the NCTAudioFile2 ActiveX control in Internet Explorer
This vulnerability was reported by Will Dormann of CERT/CC. The vulnerability was also independently discovered and publicly disclosed by Carsten Eiram of Secunia Research
This document was written by Will Dormann.
|Date First Published:||2007-01-24|
|Date Last Updated:||2008-04-28 19:56 UTC|