Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag.