CVE-2007-4336

Microsoft DirectX Media 6.0 - Buffer Overflow

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4336. PoCs published by h07.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in the Microsoft DXMedia SDK 6 ActiveX control via the 'SourceUrl' property. It uses heap spraying to achieve remote code execution by overwriting memory with shellcode that launches calc.exe.

Description

Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.

Exploits (1)

exploitdb WORKING POC VERIFIED
by h07 · html · remote · windows
https://www.exploit-db.com/exploits/4279

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft DXMedia SDK 6.0
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 · Microsoft DXMedia SDK 6.0 ActiveX control must be installed
devstral-2 · analyzed Feb 16, 2026

References (8)

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35970
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25279
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018551
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4279
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2857
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/466601
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26426
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36399

Scores

EPSS 0.5071
EPSS Percentile 98.8%

Details

Status published
Products (1)
microsoft/directx_media 6.0
Published Aug 14, 2007
Tracked Since Feb 18, 2026