CVE-2007-4336

Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/466601	US Government Resource
http://secunia.com/advisories/26426	Vendor Advisory
http://www.securityfocus.com/bid/25279
http://www.securitytracker.com/id?1018551
http://osvdb.org/36399
http://www.vupen.com/english/advisories/2007/2857
https://exchange.xforce.ibmcloud.com/vulnerabilities/35970
https://www.exploit-db.com/exploits/4279

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:directx_media:6.0:*:*:*:*:*:*:*

Information

Published : 2007-08-14 11:17

Updated : 2017-09-28 18:29

NVD link : CVE-2007-4336

Mitre link : CVE-2007-4336

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

directx_media

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/466601", "name": "VU#466601", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://secunia.com/advisories/26426", "name": "26426", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/25279", "name": "25279", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018551", "name": "1018551", "tags": [], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/36399", "name": "36399", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/2857", "name": "ADV-2007-2857", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35970", "name": "directx-dxtlipi-bo(35970)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/4279", "name": "4279", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4336", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-08-14T18:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:directx_media:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-09-29T01:29Z"}