製品・ソフトウェアに関する情報

JVN脆弱性詳細

CDBurnerXP などに使用される NMSDVDX.dll における任意のファイルを上書きおよび作成される脆弱性

Title	CDBurnerXP などに使用される NMSDVDX.dll における任意のファイルを上書きおよび作成される脆弱性
Summary	CDBurnerXP、BurnAware、Blaze Media Pro Special Edition などの製品に使用される NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX コントロール (NMSDVDX.dll) には、任意のファイルを上書きおよび作成される脆弱性が存在します。
Possible impacts	第三者により、EnableLog および LogMessage メソッドへの呼び出しを介して、任意のファイルを上書きおよび作成される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 30, 2008, midnight
Registration Date	June 26, 2012, 4:02 p.m.
Last Update	June 26, 2012, 4:02 p.m.

Affected System

burnaware technologies

burnaware 2.1.3

impressum

cdburnerxp 4.2.1.976

numedia soft

numedia dvd burning sdk 1.013C およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-4342	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4342
National Vulnerability Database (NVD)
2	CVE-2008-4342	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4342

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-4342

Summary	NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
Publication Date	Oct. 1, 2008, 2:22 a.m.
Registration Date	Jan. 29, 2021, 1:43 p.m.
Last Update	Feb. 14, 2024, 10:17 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:free:::::*
cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:home:::::*
cpe:2.3:a:numedia_soft:numedia_dvd_burning_sdk:1.008:::::::*
cpe:2.3:a:impressum:cdburnerxp:4.2.1.976:::::::*
cpe:2.3:a:burnaware_technologies:burnaware:2.1.3:unknown:professional:::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/31950	SECUNIA	Vendor Advisory
2	http://retrogod.altervista.org/9sg_numedia_xpl.html	MISC	Exploit
3	http://www.securityfocus.com/bid/31374	BID	Exploit
4	http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq	MISC	Exploit URL Repurposed
5	http://secunia.com/advisories/31936	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/31949	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/32455	SECUNIA	Vendor Advisory
8	http://www.vupen.com/english/advisories/2008/2663	VUPEN	Vendor Advisory
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/45330	XF
10	https://www.exploit-db.com/exploits/6491	EXPLOIT-DB
11	http://www.securityfocus.com/archive/1/497831/100/0/threaded	BUGTRAQ

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html