PT-2008-5781 · Imageshack · Imageshack Toolbar

Rgod

Publicado

2008-10-14

Atualizado

2018-10-11

CVE-2008-4549

CVSS v2.0

2.6

Baixa

Vetor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ImageShack Toolbar version 4.5.7

Description The issue allows remote attackers to force the upload of arbitrary image files to the ImageShack site. This is achieved via a file: URI argument to the BuildSlideShow() method in the ImageShack Toolbar ActiveX control (ImageShackToolbar.dll).

Recommendations For ImageShack Toolbar version 4.5.7, consider disabling the BuildSlideShow() method until a patch is available to prevent the upload of arbitrary image files. Restrict access to the ImageShackToolbar.dll to minimize the risk of exploitation. Avoid using the file: URI argument in the affected ActiveX control until the issue is resolved.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2008-4549

Produtos afetados

Imageshack Toolbar

PT-2008-5781 · Imageshack · Imageshack Toolbar

CVE-2008-4549

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8