Added: 05/19/2008
CVE: CVE-2008-0660
BID: 27576
OSVDB: 41073
Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product.
A buffer overflow vulnerability in Facebook PhotoUploader allows command execution when a user loads a web page which sets a specially crafted ExtractIptc property.
Upgrade to version 4.5.57.1 or higher.
<http://archives.neohapsis.com/archives/fulldisclosure/2008-02/0024.html>
<http://secunia.com/advisories/28713>
Exploit works on Facebook PhotoUploader 4.5.57.0 and requires a user to load the exploit page in Internet Explorer.
Windows