Thread-topic: [SA26426] Microsoft DirectX Media SDK FlashPix ActiveX Control Buffer Overflow
> ----------------------------------------------------------------------
>
> TITLE:
> Microsoft DirectX Media SDK FlashPix ActiveX Control Buffer Overflow
>
> SECUNIA ADVISORY ID:
> SA26426
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26426/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft DirectX Media SDK 6.x
> http://secunia.com/product/15264/
>
> DESCRIPTION:
> Krystian Kloskowski has discovered a vulnerability in DirectX Media
> SDK, which can be exploited by malicious people to compromise a
> vulnerable system.
>
> The vulnerability is caused due to a boundary error in Live Picture
> Corporation's DXSurface.LivePicture.FLashPix.1 (DXTLIPI.DLL) ActiveX
> control when handling the "SourceUrl" property. This can be exploited
> to cause a buffer overflow by assigning an overly long (around 1044
> bytes) string to the affected property.
>
> Successful exploitation allows execution of arbitrary code when e.g.
> a user visits a malicious website.
>
> The vulnerability is confirmed in DirectX Media SDK version 6.0
> including DXTLIPI.DLL version 6.0.2.827. Other versions and
> applications that use the affected ActiveX control may also be
> affected.
>
> SOLUTION:
> Set the kill-bit for the affected ActiveX control.
>
> PROVIDED AND/OR DISCOVERED BY:
> Krystian Kloskowski
>
> ORIGINAL ADVISORY:
> http://www.milw0rm.com/exploits/4279
>
> OTHER REFERENCES:
> US-CERT VU#466601:
> http://www.kb.cert.org/vuls/id/466601
>
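
The SOLUTION line above, as an added example that is not part of the Secunia advisory: this PowerShell sets the kill-bit (`Compatibility Flags` 0x400 under Internet Explorer's `ActiveX Compatibility` key) in both the 64-bit and 32-bit registry views. The advisory does not give the control's CLSID, so the script resolves it from the advisory's ProgID on the local host rather than hard-coding one. It assumes an elevated prompt and PowerShell 3.0 or later; the function names are hypothetical.

```powershell
# Added example, not from the advisory. Run from an elevated PowerShell prompt.
$ProgId  = 'DXSurface.LivePicture.FLashPix.1'   # ProgID named in the advisory
$KillBit = 0x400                                 # kill-bit flag value
$Base    = 'SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-ClsidFromProgId {
    param([string]$Name)
    # HKCR\<ProgID>\CLSID (default value) holds the control's class id.
    $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey("$Name\CLSID")
    if ($null -eq $key) { return $null }
    try { return [string]$key.GetValue('') } finally { $key.Close() }
}

function Set-KillBit {
    param([string]$Clsid, [Microsoft.Win32.RegistryView]$View)
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    $kind = [Microsoft.Win32.RegistryValueKind]::DWord
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $View)
    try {
        $key = $hklm.CreateSubKey("$Base\$Clsid")
        try {
            # Keep any flags already set for this control and OR in the kill-bit.
            $current = [int]$key.GetValue('Compatibility Flags', 0)
            $key.SetValue('Compatibility Flags', ($current -bor $KillBit), $kind)
            return [int]$key.GetValue('Compatibility Flags')
        } finally { $key.Close() }
    } finally { $hklm.Close() }
}

$clsid = Get-ClsidFromProgId $ProgId
# Refuse to write anything unless the lookup produced a well-formed CLSID.
if ($clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    Write-Output "ProgID $ProgId is not registered on this host; no kill-bit written."
    return
}

# 32-bit Internet Explorer on 64-bit Windows reads the 32-bit view, so set both.
foreach ($view in 'Registry64', 'Registry32') {
    $flags = Set-KillBit -Clsid $clsid -View $view
    '{0} {1}: Compatibility Flags = 0x{2:X8}' -f $view, $clsid, $flags
}
```

If the control is not registered on the machine where this runs, the script writes nothing; in that case the CLSID has to come from a host that has DXTLIPI.DLL installed before the kill-bit can be deployed more widely.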