CVE-2007-4336

Name of the Vulnerable Software and Affected Versions DirectX Media 6.0 SDK versions 6.0.2.827

Description A buffer overflow issue exists in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 ActiveX control, which is part of the DirectX Media 6.0 SDK. This issue allows remote attackers to execute arbitrary code by providing a long SourceUrl property value.

Recommendations For version 6.0.2.827, consider disabling the use of the SourceUrl property in the DXSurface.LivePicture.FlashPix.1 ActiveX control until a patch is available. Restrict access to the DXTLIPI.DLL library to minimize the risk of exploitation.