PT-2008-5981 · 4Xem+2 · 4Xem Vatctrl Class+2
Rgod · Published 2008-10-28 · Updated 2017-09-29 · CVE-2008-4771
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
4xem VatCtrl Class versions 1.0.0.27 through 1.0.0.51
D-Link MPEG4 SHM Audio Control version 1.7.0.5
Vivotek RTSP MPEG4 SP Control version 2.0.0.39
Description
A stack-based buffer overflow in the VATDecoder.VatCtrl.1 ActiveX control allows remote attackers to execute arbitrary code via a long Url property.
Recommendations
For 4xem VatCtrl Class versions 1.0.0.27 through 1.0.0.51, consider disabling the Url property in the ActiveX control until a patch is available.
For D-Link MPEG4 SHM Audio Control version 1.7.0.5, restrict access to the vulnerable ActiveX control to minimize the risk of exploitation.
For Vivotek RTSP MPEG4 SP Control version 2.0.0.39, avoid using the Url property in the affected control until the issue is resolved.
Exploit
Fix
Buffer Overflow
Affected Products
4Xem Vatctrl Class
D-Link Mpeg4 Shm Audio Control
Vivotek Rtsp Mpeg4 Sp Control
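One way to act on the recommendation to restrict access to the control, as an added example that is not part of the original advisory or any vendor's tooling. It assumes the control is reached through Internet Explorer, where the "Compatibility Flags" kill bit (0x400) applies; the ProgID is the one named in the description, and the CLSID is resolved from the local registry rather than hard-coded.

```powershell
# Added example: audit, and optionally kill-bit, the ActiveX control from this advisory.
param([switch]$SetKillBit)

$progId  = 'VATDecoder.VatCtrl.1'   # ProgID taken from the advisory text
$killBit = 0x400                    # Compatibility Flags bit that stops IE loading a control

# Inspect both the native and the 32-bit (WOW6432Node) registry views.
$views = @(
    @{ Classes = 'HKLM:\SOFTWARE\Classes'
       IE      = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' },
    @{ Classes = 'HKLM:\SOFTWARE\WOW6432Node\Classes'
       IE      = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer' }
)

foreach ($v in $views) {
    $clsidKey = "$($v.Classes)\$progId\CLSID"
    if (-not (Test-Path -LiteralPath $clsidKey)) { continue }   # not registered in this view

    $clsid = (Get-ItemProperty -LiteralPath $clsidKey).'(default)'

    # Locate the DLL behind the control so its version can be compared with the affected ranges.
    $srvKey  = "$($v.Classes)\CLSID\$clsid\InprocServer32"
    $dll     = (Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue).'(default)'
    $version = $null
    if ($dll) {
        $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
        if (Test-Path -LiteralPath $dll) {
            $version = (Get-Item -LiteralPath $dll).VersionInfo.FileVersion
        }
    }

    # Read the current kill-bit state for this CLSID (a missing key means not blocked).
    $compatKey = "$($v.IE)\ActiveX Compatibility\$clsid"
    $flags = [int](Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
                   -ErrorAction SilentlyContinue).'Compatibility Flags'

    if ($SetKillBit -and -not ($flags -band $killBit)) {
        if (-not (Test-Path -LiteralPath $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
        $flags = $flags -bor $killBit
        Set-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -Value $flags -Type DWord
    }

    [pscustomobject]@{
        View = $v.Classes; CLSID = $clsid; Dll = $dll; FileVersion = $version
        KillBitSet = [bool]($flags -band $killBit)
    }
}
```

Without `-SetKillBit` the script only reports; writing the flag requires an elevated session. No output means the ProgID is not registered on the host.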