PT-2008-2282 · Facebook+1 · Facebook Photouploader+1
E.B · Published 2008-02-08 · Updated 2017-09-29
CVE-2008-0660
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) versions 4.5.70.0 through 4.6.17.0
Aurigma Image Uploader ActiveX control (ImageUploader5) version 5.0.10.0
Facebook PhotoUploader version 4.5.57.0
Description
The issue allows remote attackers to execute arbitrary code via long values of the ExtractExif and ExtractIptc properties. This is due to multiple stack-based buffer overflows in the affected ActiveX control.
Recommendations
For Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) versions 4.5.70.0 through 4.6.17.0, consider disabling the ExtractExif and ExtractIptc properties until a patch is available.
For Aurigma Image Uploader ActiveX control (ImageUploader5) version 5.0.10.0, restrict access to the ExtractExif and ExtractIptc properties to minimize the risk of exploitation.
For Facebook PhotoUploader version 4.5.57.0, avoid using the ExtractExif and ExtractIptc properties in the affected ActiveX control until the issue is resolved.
Exploit
Fix
Buffer Overflow
Affected Products
Aurigma Image Uploader Activex Control
Facebook Photouploader