Security vulnerability in Active X module for music software

Many programs for editing, encoding and managing music and videos rely on Active X modules from NCTsoft. Using manipulated websites, evil-doers can trigger a buffer overflow in one of NCTsoft's Active X components to sneak malicious code onto affected computers, according to security services provider Secunia.

The SetFormatLikeSample() function in the NCTAudioFile2.AudioFile Active X module in the file NCTAudioFile2.dll messes up when processing over-long arguments. If the argument passed to the function is longer than 4,124 bytes, a buffer overflow occurs, which could be exploited by an attacker to execute arbitrary code.

The affected programs are generally designed for computer novices, making the vulnerability all the more serious. They are generally users of Internet Explorer, which can load and execute Active X modules. Music software is also not usually equipped with an auto-update mechanism, so that software publishers cannot react to security problems automatically.

According to Secunia, the Active X module containing the bug is found in programs from Altdo Software, Cool Audio, NextLevel Systems, MP3-WAV Converter, McFunSoft, RecordNRip, Easy Ringtone Maker, Absolute Software, Xrlly Software, DanDans Digital Media, Power Audio Editor, Mystik Media, Cheetah CD/DVD Burner, Virtual CD, Joshua Software, Audio Edit Magic, Roemer Software, MP3 Normalizer, Sienzo Digital Music Mentor and Softdiv Software.

Version 2.7.1 and possibly versions prior to 2.7.1 are affected. There is not yet an update available to fix the problem. Secunia recommends that affected users set the kill bit for the Active X module or switch to other software which does not use the affected components.

See also:

• NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow, security advisory from Secunia

(ehe)