Name:
MySpace.Uploader.Action.ActiveX.Control.Access
Released Date:
Jan 31 2008
Severity:
critical
CVE:
2008-0659
Bugtraq:
27533

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit a buffer overflow vulnerability in the MySpace Uploader ActiveX Control.

The software is vulnerable to a buffer overflow when an attacker passes an overly long string to the 'Action' property. This can lead to arbitrary code execution on the target computer.
 
Impact
System Compromise: remote code execution.
 
Affected Products
MySpaceUploader.ocx version 1.0.0.4
MySpaceUploader.ocx version 1.0.0.5
Aliases
MySpace.Uploader.Action.ActiveX.Control.Access
References
http://www.securityfocus.com/bid/27533
http://www.frsirt.com/english/advisories/2008/0344
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0659
http://milw0rm.org/exploits/5025
Recommended Actions
Update this component when the update becomes available. For now set the kill bit on this ActiveX Control.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED