Vulnerability Description
Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Directx Media | 6.0 |
References
- http://osvdb.org/36399
- http://secunia.com/advisories/26426Vendor Advisory
- http://www.kb.cert.org/vuls/id/466601US Government Resource
- http://www.securityfocus.com/bid/25279
- http://www.securitytracker.com/id?1018551
- http://www.vupen.com/english/advisories/2007/2857
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35970
- https://www.exploit-db.com/exploits/4279
- http://osvdb.org/36399
- http://secunia.com/advisories/26426Vendor Advisory
- http://www.kb.cert.org/vuls/id/466601US Government Resource
- http://www.securityfocus.com/bid/25279
- http://www.securitytracker.com/id?1018551
- http://www.vupen.com/english/advisories/2007/2857
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35970
FAQ
What is CVE-2007-4336?
CVE-2007-4336 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, al...
How severe is CVE-2007-4336?
CVE-2007-4336 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4336?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Directx Media.