Secunia Finds Vulnerability in ActiveX Control which Affects More Than 70 Products

This blog post over at Secunia talks about a vulnerability which their researchers recently found in a 3rd party ActiveX control, NCTAudioFile2.dll, which was originally NCT Company Ltd. and is now known as Online Media Technologies Ltd. They state that the vulnerable component is known to be incorporated in to more than 70 products by 28 companies. Therefore if an exploit is created for this vulnerability anyone who has installed any of the 70 vulnerable programs could be attacked through Internet Explorer. While it's not the same as a global attack on ActiveX controls included with Windows by default, it's still a reasonably large attack surface. Will an attack actually surface? Well, according to the blog post "While we are not aware of any publicly available exploit for this vulnerability, actually crafting one is pretty straight-forward."

The links in the email sent to BugTraq by Secunia were not working at the time I checked, and CVE-2007-0018 wasn't filled in yet, you can check the SecurityFocus BID to see a list of all effected products and the links to all the individual advisories.