CVE-2008-1490

2008-03-2519:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1490

buffer overflow

aurigma

imageuploader4.ocx

remote code execution

online services

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.662 Medium

EPSS

Percentile

97.9%

JSON

Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659.

Affected configurations

NVD

Node

aurigmaimage_uploader_activex_controlMatch4.1.36.0

piczoimageuploader4Match4.1.36.0

CPENameOperatorVersion
aurigma:image_uploader_activex_controlaurigma image uploader activex controleq4.1.36.0
piczo:imageuploader4piczo imageuploader4eq4.1.36.0