Name:
Aurigma.Image.Uploader.ExtractIptc.ActiveX.Control
Released Date:
Feb 4 2008
Severity:
critical
CVE:
2008-0660
Bugtraq:
27539
27534
26537

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit one of several buffer overflow vulnerabilities in Aurigma Image Uploader.

There are multiple stack based buffer overflow vulnerabilities in an Aurigma Image Uploader ActiveX control, ImageUploader4.ocx, which is used by Facebook PhotoUploader. The vulnerabilities allow remote attackers to execute arbitrary code via long properties.
 
Impact
System Compromise: remote code execution.
 
Affected Products
Aurigma ImageUploader4 4.5.70.0 and 4.5.126.0
Aurigma ImageUploader4 4.6.17.0
Aurigma ImageUploader5 5.0.10.0
Facebook PhotoUploader 4.5.57.0
Aliases
Aurigma.Image.Uploader.ActiveX.Control.Code.Execution
Aurigma.Image.Uploader.ExtractIptc.ActiveX.Control.Access
References
http://www.securityfocus.com/bid/27539
http://www.securityfocus.com/bid/27534
http://www.securityfocus.com/bid/26537
http://www.frsirt.com/english/advisories/2008/0394
http://www.frsirt.com/english/advisories/2008/0391
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0660
http://milw0rm.org/exploits/5102
http://milw0rm.org/exploits/5049
Recommended Actions
Update this ActiveX control to the latest version.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED