Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
seclists.org/fulldisclosure/2008/Feb/0023.html
secunia.com/advisories/28707
secunia.com/advisories/28713
www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
www.kb.cert.org/vuls/id/776931
www.securityfocus.com/bid/27576
www.securityfocus.com/bid/27577
www.securitytracker.com/id?1019297
www.vupen.com/english/advisories/2008/0391/references
www.vupen.com/english/advisories/2008/0394/references
www.exploit-db.com/exploits/5049