Detections
Analytics

CVE-2008-4342

critical

Description

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

References

https://www.exploit-db.com/exploits/6491

https://exchange.xforce.ibmcloud.com/vulnerabilities/45330

http://www.vupen.com/english/advisories/2008/2663

http://www.securityfocus.com/archive/1/497831/100/0/threaded

http://secunia.com/advisories/32455

http://secunia.com/advisories/31950

http://secunia.com/advisories/31949

http://secunia.com/advisories/31936

Details

Source: Mitre, NVD

Published: 2008-09-30

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.26707