Buffer the Overflow Slayer v. the ActiveX Files

Flashpix nix 'safe for scripts'

Microsoft's DirectX Media software development kit may be doing a lot more than helping designers give a realistic flesh tone to Lara Croft's breasts. It could also be introducing critical vulnerabilities into a countless number of applications that are spawned by the SDK.

That's because the SDK, which streamlines much of the work of building graphic-intensive video games and applications, contains a third-party ActiveX control that's vulnerable to a buffer overflow. Labeled DirectTransform FlashPix and provided by the Live Picture Corporation, it leaves applications vulnerable to attacks that allow for the remote execution of code.

An attacker would still have to lure a victim running FlashPix to visit a booby-trapped website or open a maliciously crafted email. But hey, we're talking about virtual worlds and multi-player video games, where people consort with strangers all the time.

"This is worse than your average social engineering situation," says security researcher Rodney Thayer. "If you're in a gaming environment where you're trying to get the dwarf to talk to you in English, you may actually listen to people who give you advice."

Internet Explorer can also be used as an attack vector, because FlashPix is labeled as "safe for scripting".

The vulnerability was discovered by Krystian Kloskowski and is rated "highly critical" in this posting on Secunia. It's also discussed here on the US-Cert website. Proof-of-concept code can be found on MilW0rm here.

The flaw comes courtesy of a boundary error in Live Picture's DXSurface.LivePicture.FLashPix.1, which translates to the DXTLIPI.DLL file on Windows machines. It can be exploited to cause a buffer overflow by assigning excessive strings to the affected property.

Workarounds include setting the kill-bit for the FlashPix control (CLSID {201EA564-A6F6-11D1-811D-00C04FB6BD36}) or disabling all ActiveX controls in the Internet zone.
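
The kill-bit workaround, sketched as an added example that is not part of the original article or any vendor guidance: it sets and then verifies the flag for the CLSID above. The registry location and the 0x400 value are the standard Windows kill-bit mechanism rather than details from this report, and the function names are illustrative.

```powershell
# Added example: apply and verify the kill bit for the FlashPix control.
# Run from an elevated prompt. Function names are illustrative.
$Clsid   = '{201EA564-A6F6-11D1-811D-00C04FB6BD36}'  # CLSID given in the article
$KillBit = 0x400                                      # Compatibility Flags kill-bit value
$Name    = 'Compatibility Flags'

# 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view,
# so the flag has to be present in every view that exists on the machine.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath $_ }

function Get-CompatFlags {
    param([string]$Key)
    # Returns 0 when the value has never been written for this control.
    $prop = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return $prop.$Name
}

function Set-KillBit {
    param([string]$Root)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # OR the kill bit into existing flags instead of overwriting them.
    $flags = (Get-CompatFlags $key) -bor $KillBit
    Set-ItemProperty -LiteralPath $key -Name $Name -Value $flags -Type DWord
}

function Test-KillBit {
    param([string]$Root)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { return $false }
    return ((Get-CompatFlags $key) -band $KillBit) -eq $KillBit
}

foreach ($root in $Roots) {
    Set-KillBit $root
    [pscustomobject]@{ View = $root; KillBitSet = (Test-KillBit $root) }
}
```

The kill bit only stops Internet Explorer and other hosts that honour it from instantiating the control; it does not remove or patch DXTLIPI.DLL.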

A Microsoft spokesman said the company's security team is investigating the report and is unaware of any attacks using the claimed vulnerability. ®
