Lucene search

K

[email protected]NVD:CVE-2008-0660

HistoryFeb 08, 2008 - 2:00 a.m.

CVE-2008-0660

2008-02-0802:00:00

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.769 High

EPSS

Percentile

98.2%

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Affected configurations

NVD

Node

aurigmaimage_uploader_activex_controlMatch4.5.70.0

OR

aurigmaimage_uploader_activex_controlMatch4.5.126.0

OR

aurigmaimage_uploader_activex_controlMatch4.6.17.0

OR

aurigmaimage_uploader_activex_controlMatch5.0.10.0

OR

facebookfacebook

OR

facebookphotouploaderMatch4.5.57.0

References

seclists.org/fulldisclosure/2008/Feb/0023.html

secunia.com/advisories/28707

secunia.com/advisories/28713

www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483

www.kb.cert.org/vuls/id/776931

www.securityfocus.com/bid/27576

www.securityfocus.com/bid/27577

www.securitytracker.com/id?1019297

www.vupen.com/english/advisories/2008/0391/references

www.vupen.com/english/advisories/2008/0394/references

www.exploit-db.com/exploits/5049

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.769 High

EPSS

Percentile

98.2%

Related for NVD:CVE-2008-0660

cvelist1 saint4 kaspersky1 prion1 cve1 d21 checkpoint_advisories2 cert1 nessus1