CDBurnerXP Security Announcement 1
Name | NMS DVD Burning SDK Activex (NMSDVDX.dll) remote exploit |
---|---|
Date | 2008-09-22 |
Application | CDBurnerXP 4.4 and lower |
Risk | Medium |
Vendor Status | Not a bug / Resolved |
References | http://securityreason.com/exploitalert/4723 |
Details:
An exploit within the component NMSDVDX, which is the burning library of CDBurnerXP, has been reported which allows remote code execution when visiting a specifically built website.
Resolution:
This behavior is by design (based on client requests of this software component) and required for usage within intranets.
It is not a risk, if your Internet Explorer security settings are at least set to “Normal”, which is the default setting.