Forum Thread: CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods

Secunia CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods
Secunia Official 20th Jun, 2011 01:36
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
bruiser has reported a vulnerability in CDBurnerXP, which can be exploited by malicious people to potentially compromise a user's system.

For more information:
SA31936

The vulnerability is reported in version 4.2.1.976. Other versions may also be affected.

harryjohnston RE: CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods
Member 20th Jun, 2011 01:36
Score: 4
Posts: 6
User Since: 20th Jun 2011
System Score: N/A
Location: NZ
Last edited on 20th Jun, 2011 01:36
The vendor reports that this issue cannot be exploited if IE is configured with the default settings. I am unable to reproduce the issue using the PoC code on IE8, even after approving the ActiveX control.

http://cdburnerxp.se/help/sa:1
Was this reply relevant?
+5
-0
crrodriguez RE: CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods
Member 3rd Aug, 2013 22:44
Score:
Posts: 1
User Since: 3rd Aug 2013
System Score: N/A
Location: CL
Last edited on 3rd Aug, 2013 22:44
The vulnerable component (NMS burning SDK) was removed completely from CDBurnerXP versions 4.5 and later and therefore this vulnerability needs to be marked as fixed.
Was this reply relevant?
+0
-0
This user no longer exists RE: CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods
Secunia Official 5th Aug, 2013 14:10
@crrodriguez
Thank you. The advisory has been updated.