Buffer Overflow in Live Picture DXSurface Component by Live Picture Corporation
CVE-2007-4336

Currently unrated

Key Information:

Vendor: Microsoft
Status: Directx Media
Vendor: CVE Published:; 14 August 2007

Summary

The vulnerability arises from a buffer overflow in the DXSurface.LivePicture.FlashPix ActiveX control, particularly in the DXTLIPI.DLL version 6.0.2.827, which is included in the Microsoft DirectX Media 6.0 SDK. By manipulating the SourceUrl property with an excessively long value, remote attackers can execute arbitrary code on the affected system. This can lead to severe consequences for the user's data integrity and system security.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35970

vdb-entryx_refsource_XF

https://www.exploit-db.com/exploits/4279

exploitx_refsource_EXPLOIT-DB

http://www.vupen.com/english/advisories/2007/2857

vdb-entryx_refsource_VUPEN

EPSS Score

71% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 14, 2007
Vulnerability Reserved
Aug 14, 2007