A boundary error in the Xfpx.dll module when processing FlashPix images can be exploited to cause a heap-based buffer overflow via a specially crafted FPX file. Proof of concept included.
d3d27e656535c43a189940b4169f03b8e070dc18bbb730bd07e54480765d5f37