CDBurnerXP Security Announcement 1

Name NMS DVD Burning SDK Activex (NMSDVDX.dll) remote exploit
Date 2008-09-22
Application CDBurnerXP 4.4 and lower
Risk Medium
Vendor Status Not a bug / Resolved


An exploit within the component NMSDVDX, which is the burning library of CDBurnerXP, has been reported which allows remote code execution when visiting a specifically built website.


This behavior is by design (based on client requests of this software component) and required for usage within intranets.

It is not a risk, if your Internet Explorer security settings are at least set to “Normal”, which is the default setting.