CVE-2007-4336

high

Description

Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.

References

https://www.exploit-db.com/exploits/4279

https://exchange.xforce.ibmcloud.com/vulnerabilities/35970

http://www.vupen.com/english/advisories/2007/2857

http://www.securitytracker.com/id?1018551

http://www.securityfocus.com/bid/25279

http://www.kb.cert.org/vuls/id/466601

http://secunia.com/advisories/26426

http://osvdb.org/36399

Details

Source: Mitre, NVD

Published: 2007-08-14

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.50711