CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 98.2%
Added: 05/19/2008
CVE: CVE-2008-0660
BID: 27576
OSVDB: 41073
Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product.
A buffer overflow vulnerability in Facebook PhotoUploader allows command execution when a user loads a web page which sets a specially crafted ExtractIptc property.
Upgrade to version 4.5.57.1 or higher.
<http://archives.neohapsis.com/archives/fulldisclosure/2008-02/0024.html>
<http://secunia.com/advisories/28713>
Exploit works on Facebook PhotoUploader 4.5.57.0 and requires a user to load the exploit page in Internet Explorer.
Windows