Login   |   Secure Purdue > News

Highly critical vulnerability found in component of Microsoft’s DirectX Media SDK

A highly critical vulnerability has been found in the Live Picture Corporation DirectTransform FlashPix ActiveX control included in the Microsoft  DirectX Media SDK, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a buffer overflow  vulnerability in the "SourceUrl" property of Live Picture Corporation's DXSurface.LivePicture.FLashPix.1 ActiveX control (provided by DXTLIPI.DLL). Internet Explorer can be used as an attack vector for this vulnerability because the FlashPix ActiveX control is marked "Safe for Scripting".

This vulnerability can be exploited to cause a heap-based buffer overflow by assigning an overly long (greater than 1024 bytes) string to the affected property. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code on the vulnerable system. Exploit code for this vulnerability exists and is publicly available. At this time there have been no reported incidences of this exploit from Purdue hosts.

==SYSTEMS AFFECTED==
*DirectX Media SDK version 6.0 including DXTLIPI.DLL version 6.0.2.827
*Other versions of the DirectX Media SDK and applications that use the FlashPix ActiveX control may also be affected.

==SOLUTIONS==
While there is currently no patch available the following workarounds exist:

* Disable the FlashPix ActiveX control in Internet Explorer -
    The vulnerable ActiveX control can be disabled in Internet Explorer by setting the kill bit for
    the following CLSID:

       {201EA564-A6F6-11D1-811D-00C04FB6BD36}

    More information about how to set the kill bit is available in Microsoft Support Document 240797.

* Disable ActiveX -

    Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to
    prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling
    ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document.

==FURTHER INFORMATION AND RESOURCES==
Secunia Advisory SA26426:
http://secunia.com/advisories/26426/

US-CERT VU#466601:
http://www.kb.cert.org/vuls/id/466601

Microsoft Support Document 240797:
http://support.microsoft.com/kb/240797

Securing Your Web Browser:
http://www.cert.org/tech_tips/securing_browser/#Internet_Explorer

Posted by Nathan Heck on August 15, 2007, in Handlers Log.