Intrusion Prevention

D-Link.Mpeg4.VAPGDecoder.Url.ActiveX.Control.Access

Description

D-Link MPEG4 SHM Audio ActiveX Control ('VAPGDecoder.dll') is vulnerable to a buffer overflow issue when an overly long string is passed to the Url parameter. A malicious user can trick a victim to visit a malicious web site to use this vulnerability and could then execute arbitrary remote code execution on the victim's host.

Affected Products

D-Link MPEG4 SHM Audio Control 1.7.0.5

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Update the software to latest version or set the kill-bit on the ActiveX control.

CVE References

CVE-2008-4771