Microsoft DirectX Files Viewer ActiveX Control Remote Buffer Overflow Vulnerability

A vulnerability has been reported in the Microsoft DirectX Files Viewer ActiveX control, which is allegedly available for download as a sample application on a Microsoft-hosted web page.

Reportedly, a buffer overflow vulnerability exists in the handling of the 'File' parameter by this ActiveX control. Exploitation may allow a malicious web page to execute arbitrary code with the privileges of the web browser process.

Reportedly, the vulnerable ActiveX control has been digitally signed by Microsoft. It may be possible for an attacker to provide a copy of the vulnerable control and force installation on users who automatically accept signed ActiveX controls.


Copyright 2010, SecurityFocus