PT-2008-5781 · Imageshack · Imageshack Toolbar

Rgod

Published

2008-10-14

Updated

2018-10-11

CVE-2008-4549

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ImageShack Toolbar version 4.5.7

Description The issue allows remote attackers to force the upload of arbitrary image files to the ImageShack site. This is achieved via a file: URI argument to the BuildSlideShow() method in the ImageShack Toolbar ActiveX control (ImageShackToolbar.dll).

Recommendations For ImageShack Toolbar version 4.5.7, consider disabling the BuildSlideShow() method until a patch is available to prevent the upload of arbitrary image files. Restrict access to the ImageShackToolbar.dll to minimize the risk of exploitation. Avoid using the file: URI argument in the affected ActiveX control until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-4549

Affected Products

Imageshack Toolbar

PT-2008-5781 · Imageshack · Imageshack Toolbar

CVE-2008-4549

Weakness Enumeration

Related Identifiers

Affected Products

References · 8