NMS DVD Burning SDK NMSDVDX.dll ActiveX control file overwrite

nmsdvdburning-nmsdvdx-file-overwrite (45330)

Risk level: Medium

Description:

The NMS DVD Burning SDK ActiveX control (NMSDVDX.dll, ProgID NMSDVDX.DVDEngineX.1) could allow a remote attacker to overwrite or create arbitrary files on the system. The control is marked safe for scripting, and its EnableLog() and LogMessage() methods let the calling page choose where the log is written and what is written to it. By persuading a victim to visit a malicious Web site, a remote attacker could pass specially-crafted arguments to the EnableLog() or LogMessage() methods to overwrite existing files with attacker-supplied content, or to create new files, anywhere the user's account can write. The CVE entry notes that exploitation may depend on non-default browser settings, and that a file written this way can be leveraged for code execution by loading it through an hcp:// URL.
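The following is an added example (not part of the original X-Force entry, and not vendor code) showing how a content filter or proxy rule could flag pages that script this control in the way the description above outlines: the scanner looks for instantiation of the NMSDVDX.DVDEngineX.1 ProgID combined with calls to EnableLog()/LogMessage(), reports any Windows path passed as an argument, and notes hcp:// URLs, which the CVE entry mentions as the path to code execution. The three sample pages are constructed for the example; the argument order used in the "malicious" sample (a path to EnableLog, then content to LogMessage) is an assumption for illustration, since the real method signatures are not given on this page, and the control's CLSID is likewise not on the page, so <object classid> instantiation is not matched.

```python
import re
from dataclasses import dataclass, field

# Identifiers taken from the advisory: the control's ProgID and the two
# insecure methods. The CLSID is not given on the page, so <object classid>
# instantiation is not matched here.
PROGID = "NMSDVDX.DVDEngineX.1"
LOG_METHODS = ("EnableLog", "LogMessage")

# new ActiveXObject("NMSDVDX.DVDEngineX.1")
_INSTANTIATE = re.compile(
    r"ActiveXObject\s*\(\s*['\"]" + re.escape(PROGID) + r"['\"]\s*\)",
    re.IGNORECASE,
)
# obj.EnableLog( / obj.LogMessage(  (IDispatch name lookup is case-insensitive)
_METHOD_CALL = re.compile(r"\.\s*(" + "|".join(LOG_METHODS) + r")\s*\(", re.IGNORECASE)
# A quoted Windows path such as "C:\\Windows\\win.ini" passed as an argument.
_PATH_ARG = re.compile(r"['\"]([A-Za-z]:\\[^'\"]+)['\"]")
# hcp:// URLs: the CVE entry notes they can turn a written file into code execution.
_HCP = re.compile(r"hcp://", re.IGNORECASE)

_CANONICAL = {m.lower(): m for m in LOG_METHODS}


@dataclass
class Finding:
    instantiates_control: bool
    methods_called: list = field(default_factory=list)
    paths_written: list = field(default_factory=list)
    uses_hcp: bool = False

    @property
    def suspicious(self) -> bool:
        # Both halves are required: the control alone is benign on a vendor
        # page, and the method names alone occur in unrelated logging code.
        return self.instantiates_control and bool(self.methods_called)


def scan(page: str) -> Finding:
    """Scan one HTML/JS document for the pattern described in the advisory."""
    found = Finding(instantiates_control=bool(_INSTANTIATE.search(page)))
    found.methods_called = sorted(
        {_CANONICAL[m.group(1).lower()] for m in _METHOD_CALL.finditer(page)}
    )
    # Undo JScript's doubled backslashes so the report shows the real path.
    found.paths_written = [p.replace("\\\\", "\\") for p in _PATH_ARG.findall(page)]
    found.uses_hcp = bool(_HCP.search(page))
    return found


# Constructed sample: a vendor page that merely creates the control.
BENIGN_PAGE = r"""
<script>
  var eng = new ActiveXObject("NMSDVDX.DVDEngineX.1");
  eng.Burn();
</script>
"""

# Constructed sample: unrelated code that happens to use the same method name.
UNRELATED_PAGE = r"""
<script>
  appLogger.LogMessage("user clicked save");
</script>
"""

# Constructed sample of the attack shape the advisory describes. The argument
# order (a path to EnableLog, then content to LogMessage) is an assumption for
# illustration; the real method signatures are not given on this page.
MALICIOUS_PAGE = r"""
<script>
  var eng = new ActiveXObject("nmsdvdx.DVDEngineX.1");
  eng.EnableLog("C:\\Windows\\win.ini");
  eng.logmessage("overwritten");
  location.href = "hcp://example";
</script>
"""

if __name__ == "__main__":
    for name, page in (("benign", BENIGN_PAGE), ("unrelated", UNRELATED_PAGE),
                       ("malicious", MALICIOUS_PAGE)):
        f = scan(page)
        print(f"{name:10} suspicious={f.suspicious} methods={f.methods_called} "
              f"paths={f.paths_written} hcp={f.uses_hcp}")
```

Requiring both the ProgID and a log method call keeps the rule from firing on vendor pages that legitimately load the control, or on ordinary web applications with their own LogMessage() helpers; the reported path and hcp:// flag give the analyst what to look at first.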

Platforms Affected:

  • Blaze Media Pro, Blaze Media Pro 8.2.0.9 Trial
  • BurnAware Technologies, BurnAware ActiveX control 2.1.3 Free
  • BurnAware Technologies, BurnAware ActiveX control 2.1.3 Home
  • BurnAware Technologies, BurnAware ActiveX control 2.1.3 Professional
  • Impressum, CDBurnerXP 4.2.1.976
  • Numedia Soft, NuMedia DVD Burning SDK 1.008

Remedy:

No remedy available as of July 4, 2009.

Consequences:

File Manipulation

References:

  • Blaze Media Pro Web site, Blaze Media Pro at http://www.blazemp.com/.
  • CDBurnerXP Web site, CDBurnerXP at http://www.cdburnerxp.se/.
  • Numedia Soft Web site, Downloads at http://www.numediasoft.com/Downloads.aspx.
  • BID-31374: NMS DVD Burning SDK 'NMSDVDX.dll' ActiveX Control Arbitrary File Overwrite Vulnerability
  • CVE-2008-4342: NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
  • SA31936: NMS DVD Burning SDK ActiveX Control Insecure Methods
  • SA31949: CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods
  • SA31950: BurnAware NMSDVDX ActiveX Control Insecure Methods
  • SA32455: Blaze Media Pro NMSDVDX ActiveX Control Insecure Methods
  • VUPEN/ADV-2008-2663: NMS DVD Burning SDK ActiveX File Overwrite Vulnerabilities

Reported:

Sep 19, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
