CVE-2008-0660

2008-02-0802:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0660

buffer overflows

aurigma image uploader

activex control

arbitrary code execution

facebook photouploader

nvd

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.769 High

EPSS

Percentile

98.2%

JSON

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Affected configurations

NVD

Node

aurigmaimage_uploader_activex_controlMatch4.5.70.0

aurigmaimage_uploader_activex_controlMatch4.5.126.0

aurigmaimage_uploader_activex_controlMatch4.6.17.0

aurigmaimage_uploader_activex_controlMatch5.0.10.0

facebookfacebook

facebookphotouploaderMatch4.5.57.0

CPENameOperatorVersion
aurigma:image_uploader_activex_controlaurigma image uploader activex controleq4.5.70.0
aurigma:image_uploader_activex_controlaurigma image uploader activex controleq4.5.126.0
aurigma:image_uploader_activex_controlaurigma image uploader activex controleq4.6.17.0
aurigma:image_uploader_activex_controlaurigma image uploader activex controleq5.0.10.0
facebook:facebookfacebookeq*
facebook:photouploaderfacebook photouploadereq4.5.57.0

CPE	Name	Operator	Version
aurigma:image_uploader_activex_control	aurigma image uploader activex control	eq	4.5.70.0
aurigma:image_uploader_activex_control	aurigma image uploader activex control	eq	4.5.126.0
aurigma:image_uploader_activex_control	aurigma image uploader activex control	eq	4.6.17.0
aurigma:image_uploader_activex_control	aurigma image uploader activex control	eq	5.0.10.0
facebook:facebook	facebook	eq	*
facebook:photouploader	facebook photouploader	eq	4.5.57.0