PT-2008-2282 · Facebook+1 · Facebook Photouploader+1
E.B · Published 2008-02-08 · Updated 2017-09-29 · CVE-2008-0660
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) versions 4.5.70.0 through 4.6.17.0
Aurigma Image Uploader ActiveX control (ImageUploader5) version 5.0.10.0
Facebook PhotoUploader version 4.5.57.0
Description
The issue allows remote attackers to execute arbitrary code via long values of the ExtractExif and ExtractIptc properties. This is due to multiple stack-based buffer overflows in the affected ActiveX control.
Recommendations
For Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) versions 4.5.70.0 through 4.6.17.0, consider disabling the ExtractExif and ExtractIptc properties until a patch is available.
For Aurigma Image Uploader ActiveX control (ImageUploader5) version 5.0.10.0, restrict access to the ExtractExif and ExtractIptc properties to minimize the risk of exploitation.
For Facebook PhotoUploader version 4.5.57.0, avoid using the ExtractExif and ExtractIptc properties in the affected ActiveX control until the issue is resolved.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Aurigma Image Uploader ActiveX Control
Facebook PhotoUploader