The Live Picture Corporation DirectTransform FlashPix ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Microsoft DirectX Media 6.0 SDK includes an ActiveX control that is produced by Live Picture Corporation. This control, which is provided by DXTLIPI.DLL, is known as FlashPix. The FlashPix ActiveX control contains a buffer overflow vulnerability in the SourceUrl() property. Because the FlashPix ActiveX control is marked "Safe for Scripting," Internet Explorer can be used as an attack vector for this vulnerability.
Note that software other than the Microsoft DirectX Media 6.0 SDK may include the vulnerable FlashPix ActiveX control. Exploit code for this vulnerability is publicly available.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds
This vulnerability was publicly disclosed by Krystian Kloskowski.
This document was written by Will Dormann.
|Date First Published:||2007-08-12|
|Date Last Updated:||2007-08-13 12:26 UTC|