CVE-2007-4336

Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/36399
http://secunia.com/advisories/26426	Vendor Advisory
http://www.kb.cert.org/vuls/id/466601	US Government Resource
http://www.securityfocus.com/bid/25279
http://www.securitytracker.com/id?1018551
http://www.vupen.com/english/advisories/2007/2857
https://exchange.xforce.ibmcloud.com/vulnerabilities/35970
https://www.exploit-db.com/exploits/4279

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:directx_media:6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-08-14 18:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-4336

Mitre link : CVE-2007-4336

CVE.ORG link : CVE-2007-4336

JSON object : View

Products Affected

microsoft

directx_media

CWE

NVD-CWE-Other

{"id": "CVE-2007-4336", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-08-14T18:17:00.000", "references": [{"url": "http://osvdb.org/36399", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26426", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/466601", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25279", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018551", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2857", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35970", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4279", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el control ActiveX Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) de DXTLIPI.DLL 6.0.2.827, como el empaquetado en Microsoft DirectX Media 6.0 SDK, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante valor de la propiedad SourceUrl largo."}], "lastModified": "2017-09-29T01:29:16.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:directx_media:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC36A9CA-FB6B-422B-A246-F0A6A8820656"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}