vendor:
IE NCTAudioFile2.AudioFile ActiveX control
by:
shinnai
7.5
CVSS
HIGH
Stack Overflow
119
CWE
Product Name: IE NCTAudioFile2.AudioFile ActiveX control
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows XP Pro SP2 with IE7
Unknown
IE NCTAudioFile2.AudioFile ActiveX Remote Stack Overfl0w
This is a remote stack overflow vulnerability in IE NCTAudioFile2.AudioFile ActiveX control. The exploit allows an attacker to execute arbitrary code on a target system. The vulnerability was originally reported by Secunia and the PoC was developed by shinnai. The exploit works on Windows XP Pro SP2 with IE7 fully patched.
Mitigation:
Disable or remove the vulnerable ActiveX control.