CVE-2007-4336 – Microsoft DXMedia SDK 6 - 'SourceUrl' ActiveX Remote Code Execution

https://notcve.org/view.php?id=CVE-2007-4336

Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value. Desbordamiento de búfer en el control ActiveX Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) de DXTLIPI.DLL 6.0.2.827, como el empaquetado en Microsoft DirectX Media 6.0 SDK, permite a atacantes remotos ejecutar código de su elección mediante valor de la propiedad SourceUrl largo. • https://www.exploit-db.com/exploits/4279 http://osvdb.org/36399 http://secunia.com/advisories/26426 http://www.kb.cert.org/vuls/id/466601 http://www.securityfocus.com/bid/25279 http://www.securitytracker.com/id?1018551 http://www.vupen.com/english/advisories/2007/2857 https://exchange.xforce.ibmcloud.com/vulnerabilities/35970 •