CDBurnerXP Security Announcement 1
| Name | NMS DVD Burning SDK Activex (NMSDVDX.dll) remote exploit |
|---|---|
| Date | 2008-09-22 |
| Application | CDBurnerXP 4.4 and lower |
| Risk | Medium |
| Vendor Status | Not a bug / Resolved |
| References | http://securityreason.com/exploitalert/4723 |
Details:
An exploit within the component NMSDVDX, which is the burning library of CDBurnerXP, has been reported which allows remote code execution when visiting a specifically built website.
Resolution:
This behavior is by design (based on client requests of this software component) and required for usage within intranets.
It is not a risk, if your Internet Explorer security settings are at least set to “Normal”, which is the default setting.