CVSS2 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
AI Score Confidence | Low |
EPSS Percentile | 98.2% |

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
Vendor | Product | Version | CPE |
---|---|---|---|
aurigma | image_uploader_activex_control | 4.5.70.0 | cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.70.0:*:*:*:*:*:*:* |
aurigma | image_uploader_activex_control | 4.5.126.0 | cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.126.0:*:*:*:*:*:*:* |
aurigma | image_uploader_activex_control | 4.6.17.0 | cpe:2.3:a:aurigma:image_uploader_activex_control:4.6.17.0:*:*:*:*:*:*:* |
aurigma | image_uploader_activex_control | 5.0.10.0 | cpe:2.3:a:aurigma:image_uploader_activex_control:5.0.10.0:*:*:*:*:*:*:* |
facebook | facebook | * | cpe:2.3:a:facebook:facebook:*:*:*:*:*:*:*:* |
facebook | photouploader | 4.5.57.0 | cpe:2.3:a:facebook:photouploader:4.5.57.0:*:*:*:*:*:*:* |
seclists.org/fulldisclosure/2008/Feb/0023.html
secunia.com/advisories/28707
secunia.com/advisories/28713
www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
www.kb.cert.org/vuls/id/776931
www.securityfocus.com/bid/27576
www.securityfocus.com/bid/27577
www.securitytracker.com/id?1019297
www.vupen.com/english/advisories/2008/0391/references
www.vupen.com/english/advisories/2008/0394/references
www.exploit-db.com/exploits/5049