Buffer overflow in FlashPix ActiveX
The US-CERT warns about a buffer overflow in the FlashPix ActiveX control produced by Live Picture. FlashPix is a graphics format that enables image zooming by storing the image in various resolutions on the server. A buffer in the ActiveX component can overflow, enabling attackers to execute arbitrary code via manipulated web pages.
The FlashPix ActiveX control is found in the DXTLIPI.DLL library. The property SourceUrl() contains the bug which may cause a buffer overflow. Web pages can access this control because it is marked as Safe for Scripting in Internet Explorer. The Live Picture web page is no longer available, and there is no update.
The faulty ActiveX component has the classID {201EA564- A6F6-11D1-811D-00C04FB6BD36}, and it can, for example, be found in Microsoft's elderly DirectX Media SDK 6.0, but other vendors may also add the control and install it with their products. Since a public exploit has already become available, users should either set the ActiveX control's kill bit or, preferably, disable ActiveX in their browsers altogether and only enable it when required for trusted pages.
- Microsoft DirectX Media 6.0 Live Picture Corporation DirectTransform FlashPix ActiveX control buffer overflow, US-CERT vulnerability note
- demo exploit in the milw0rm exploit archive
(mba)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
