CVE-2008-1490

2008-03-2519:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1490

buffer overflow

aurigma

imageuploader4.ocx

remote code execution

online services

8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.662 Medium

EPSS

Percentile

97.9%

JSON

Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659.

Affected configurations

NVD

Node

aurigmaimage_uploader_activex_controlMatch4.1.36.0

piczoimageuploader4Match4.1.36.0

CPENameOperatorVersion
aurigma:image_uploader_activex_controlaurigma image uploader activex controleq4.1.36.0
piczo:imageuploader4piczo imageuploader4eq4.1.36.0