HOMEVULNERABILITIESCVE-2007-0018
CRITICALPOC

CVE-2007-0018

CWE-119Published: January 24, 2007· Updated: Jun 16, 2026

9.3
CVSS v3.1

Official Description

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

NVD Source

Technical Analysis

CVE-2007-0018 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A proof-of-concept (PoC) exploit exists for CVE-2007-0018. While not yet confirmed in active campaigns, the availability of PoC code increases exploitation risk substantially.

From a weakness classification perspective (CWE-119): Buffer overflow vulnerabilities can lead to arbitrary code execution or denial of service by corrupting adjacent memory.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityM
Privileges Req.
User Interaction
Scope
Impact
ConfidentialityC
IntegrityC
AvailabilityC
AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Vendors & Products

altdo2 product(s)
convert mp3 mastermp3 record and edit audio master
americanshareware1 product(s)
mp3 wav converter
audio_edit_magic1 product(s)
audio edit magic
bearshare1 product(s)
bearshare
cdburnerxp1 product(s)
cdburnerxp pro
cheetahburner2 product(s)
cheetah cd burnercheetah dvd burner
code-it_softare2 product(s)
abasic editorwave mp3 editor
easy audio editorfull audio convertermusic editing mastervisual video converter
digital_borneo1 product(s)
audio mixer and editor
easy ringtone maker
expstudio1 product(s)
audio editor
iaudiosoft.com3 product(s)
absolute mp3 splitterabsolute sound recorderabsolute video to audio converter
imesh.com1 product(s)
imesh
j_hepple_products9 product(s)
fx audio concatfx audio editorfx audio toolsfx magic musicfx movie joinerfx movie joiner and splitterfx movie splitterfx new soundfx video converter
joshua_mediasoft2 product(s)
audio convertor plusvideo converter plus
magicvideosoftare3 product(s)
magic audio convertermagic audio recordermagic music editor
mcfunsoft6 product(s)
audio editoraudio recorder for freeaudio studioipod audio studioipod music converterrecording to ipod solution
mediatox1 product(s)
aurora media workshop
movavi6 product(s)
chiliburnerconvertmoviedvd to ipodsplitmoviesuitevideomessage
mp3-soft1 product(s)
mp3 normalizer
Source: NVD CPE · 83 total CPE entries

Exploit & PoC Resources

POC AVAILABLEProof-of-concept code exists
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (176)

Quick Facts

CVE IDCVE-2007-0018
CVSS Score9.3 / 10
SeverityCRITICAL
WeaknessCWE-119
CISA KEVNo
ExploitPOC
Affected20 vendor(s)
PublishedJan 24, 2007

Related CVEs (CWE-119)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2007-0018 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.