Highly critical vulnerability found in component of Microsoft’s DirectX Media SDK

A highly critical vulnerability has been found in the Live Picture Corporation DirectTransform FlashPix ActiveX control included in the Microsoft DirectX Media SDK, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a buffer overflow in the "SourceUrl" property of Live Picture Corporation's DXSurface.LivePicture.FLashPix.1 ActiveX control (provided by DXTLIPI.DLL). Internet Explorer can be used as an attack vector for this vulnerability because the FlashPix ActiveX control is marked "Safe for Scripting".

This vulnerability can be exploited to cause a heap-based buffer overflow by assigning an overly long (greater than 1024 bytes) string to the affected property. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code on the vulnerable system. Exploit code for this vulnerability exists and is publicly available. At this time, there have been no reported incidents of this exploit from Purdue hosts.

* DirectX Media SDK version 6.0 including DXTLIPI.DLL version
* Other versions of the DirectX Media SDK and applications that use the FlashPix ActiveX control may also be affected.

While there is currently no patch available, the following workarounds exist:

* Disable the FlashPix ActiveX control in Internet Explorer -
    The vulnerable ActiveX control can be disabled in Internet Explorer by setting the kill bit for
    the following CLSID:


    More information about how to set the kill bit is available in Microsoft Support Document 240797.

* Disable ActiveX -

    Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to
    prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling
    ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document.
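
The kill-bit workaround above, as an added PowerShell example that is not part of the original advisory: it sets the `Compatibility Flags` value to 0x400 for one CLSID in both the native and 32-bit registry views, keeps any flags already present, and reads the result back. The CLSID is passed as a parameter because this page does not list it, and the script name `Set-KillBit.ps1` is hypothetical.

```powershell
# Set-KillBit.ps1 (hypothetical name): added example, run from an elevated prompt.
# Usage: .\Set-KillBit.ps1 -Clsid '{CLSID-OF-THE-FLASHPIX-CONTROL}'   # placeholder value
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
    [string]$Clsid
)

$KillBit   = 0x400                    # kill-bit flag per Microsoft Support Document 240797
$ValueName = 'Compatibility Flags'

# 64-bit Windows keeps a separate registry view for 32-bit Internet Explorer,
# so the kill bit has to be set in both places.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $roots) {
    # The Wow6432Node view does not exist on 32-bit Windows; skip it there.
    if (-not (Test-Path -LiteralPath $root)) { continue }

    $key = Join-Path $root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Keep any compatibility flags already set and OR in the kill bit.
    $existing = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
    $current  = if ($null -ne $existing) { $existing.$ValueName } else { 0 }
    $updated  = $current -bor $KillBit

    New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord `
        -Value $updated -Force | Out-Null

    # Read the value back so a failed write is reported, not assumed.
    $check = (Get-ItemProperty -LiteralPath $key -Name $ValueName).$ValueName
    if (($check -band $KillBit) -eq $KillBit) {
        Write-Output ("Kill bit set: {0} (flags 0x{1:X8})" -f $key, $check)
    } else {
        Write-Error "Kill bit NOT set under $key"
    }
}
```

Internet Explorer must be restarted before the change takes effect in running browser sessions.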

Secunia Advisory SA26426:

US-CERT VU#466601:

Microsoft Support Document 240797:

Securing Your Web Browser:

Posted by Nathan Heck on August 15, 2007, in Handlers Log.
