In association with heise online

13 August 2007, 10:39

Buffer overflow in FlashPix ActiveX

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The US-CERT warns about a buffer overflow in the FlashPix ActiveX control produced by Live Picture. FlashPix is a graphics format that enables image zooming by storing the image in various resolutions on the server. A buffer in the ActiveX component can overflow, enabling attackers to execute arbitrary code via manipulated web pages.

The FlashPix ActiveX control is found in the DXTLIPI.DLL library. The property SourceUrl() contains the bug which may cause a buffer overflow. Web pages can access this control because it is marked as Safe for Scripting in Internet Explorer. The Live Picture web page is no longer available, and there is no update.

The faulty ActiveX component has the classID {201EA564- A6F6-11D1-811D-00C04FB6BD36}, and it can, for example, be found in Microsoft's elderly DirectX Media SDK 6.0, but other vendors may also add the control and install it with their products. Since a public exploit has already become available, users should either set the ActiveX control's kill bit or, preferably, disable ActiveX in their browsers altogether and only enable it when required for trusted pages.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit