1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA30456

Crystal MP3 Recorder NCTAudioInformation2.dll ActiveX Control Buffer Overflow

Report ID: SA30456
Source: Secunia
Date of Discovery: 30.05.2008
Criticality: Urgent
Affects:
Crystal MP3 Recorder 1.x
Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability has been discovered in Crystal MP3 Recorder, which can be exploited by malicious people to compromise a user's system.

Detailed Description

A vulnerability has been discovered in Crystal MP3 Recorder, which can be exploited by malicious people to compromise a user's system.

For more information:
SA30415

The vulnerability is confirmed in version 1.00. Other versions may also be affected.

Solution

Set the kill-bit for the affected ActiveX control.

CVE Reference

CVE-2008-0959