Intrusion Prevention

iPIX.Image.Well.ActiveX.Arguments.Handle.Buffer.Overflow

Description

Multiple buffer overflow vulnerabilities in the Internet Pictures Corporation iPIX Image Well ActiveX control (iPIX-ImageWell-ipix.dll) allow remote attackers to execute arbitrary code via unspecified vectors.

Affected Products

AOL Client Software 9.0 Security.

Impact

System compromise.

Recommended Actions

Disable the iPIX Image Well ActiveX controls in Internet Explorer.
The vulnerable ActiveX controls can be disabled in Internet Explorer by setting the kill bit for the following CLSIDs:
{ef8d9f2a-f641-4ef0-b2ec-3ba2be7c2960}
{f7a05bac-9778-410a-9cde-bfbd4d5d2b7f}

CVE References

CVE-2007-1687