Bug gains access via ActiveX

Various applications are vulnerable to a security bug found in third party software components NCTAudioStudio, NCTAudioEditor and NCTDialogicVoice for audio processing.

The components are developed by UK firm Online Media Technologies, and are used by a variety of firms in their software, including Dell and Intel.

The bug can be exploited by remote attackers to take over users’ systems, said internet security firm Secunia, which discovered the threat.

The vulnerability is caused by a boundary error in the NCTAudioFile2.AudioFile ActiveX control when handling the "SetFormatLikeSample()" processing method.

This can be exploited by attackers to cause a stack-based buffer overflow, allowing them to seize control of users’ systems.

Secunia said a patch for the bug was so far not available. Users could protect themselves in the meantime by disabling ActiveX controls in their systems, said Secunia.

ActiveX flaws hit Google and Adobe

Microsoft ActiveX bug 'critical'

Comment on this article: computer.weekly@rbi.co.uk