Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0660

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-0660
Last Modified 07 Mar 2011 10:05:04
Published 07 Feb 2008 09:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0660

Summary

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Vulnerable Systems

Application

  • Aurigma Image Uploader Activex Control 4.5.126.0

  • Aurigma Image Uploader Activex Control 4.5.70.0

  • Aurigma Image Uploader Activex Control 4.6.17.0

  • Aurigma Image Uploader Activex Control 5.0.10.0

  • Facebook

  • Facebook Photouploader 4.5.57.0


References

CERT-VN - VU#776931

VUPEN - ADV-2008-0394

VUPEN - ADV-2008-0391

SECTRACK - 1019297

BID - 27577

BID - 27576

MILW0RM - 5049

MISC - http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483

SECUNIA - 28713

SECUNIA - 28707

FULLDISC - 20080203 FaceBook/Aurigma Image/PhotoUploader Buffer Overflow


Last Updated: 27 May 2016 10:46:53