Secunia Research has discovered a vulnerability in Sienzo Digital Music Mentor, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control when handling the “SetFormatLikeSample()” method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/53983/secunia-nctaudio.txt
Source: https://packetstormsecurity.com/files/53983/secunia-nctaudio.txt.html