Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:34C06EFA602AFC3EE1F7B1DB41CA1A94
HistoryMay 19, 2008 - 12:00 a.m.

Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow

2008-05-1900:00:00
SAINT Corporation
download.saintcorporation.com
8

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.769 High

EPSS

Percentile

98.2%

JSON

Added: 05/19/2008
CVE: CVE-2008-0660
BID: 27576
OSVDB: 41073

Background

Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product.

Problem

A buffer overflow vulnerability in Facebook PhotoUploader allows command execution when a user loads a web page which sets a specially crafted ExtractIptc property.

Resolution

Upgrade to version 4.5.57.1 or higher.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2008-02/0024.html&gt;
<http://secunia.com/advisories/28713&gt;

Limitations

Exploit works on Facebook PhotoUploader 4.5.57.0 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows

Related

cvelist 1
nvd 1
saint 3
kaspersky 1
prion 1
d2 1
checkpoint_advisories 2
cve 1
cert 1
nessus 1
cvelist
cvelist
CVE-2008-0660
2008-02-08 01:00:00
nvd
nvd
CVE-2008-0660
2008-02-08 02:00:00
saint
saint
Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow
2008-05-19 00:00:00
Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow
2008-05-19 00:00:00
Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow
2008-05-19 00:00:00
kaspersky
kaspersky
KLA10079 ACE vulnerability in Aurigma Image Uploader
2008-02-07 00:00:00
prion
prion
Stack overflow
2008-02-08 02:00:00
d2
d2
DSquare Exploit Pack: D2SEC_FACEBOOK
2008-02-08 02:00:00
checkpoint_advisories
checkpoint_advisories
Facebook Photo Uploader ActiveX Control FileMask Method Buffer Overflow - Ver2 (CVE-2008-0660)
2014-12-28 00:00:00
Facebook Photo Uploader ActiveX Control FileMask Method Buffer Overflow (CVE-2008-0660)
2009-12-14 00:00:00
cve
cve
CVE-2008-0660
2008-02-08 02:00:00
cert
cert
Aurigma ImageUploader ActiveX control stack buffer overflows
2008-02-04 00:00:00
nessus
nessus
Facebook Photo Uploader ActiveX Control < 4.5.57.1 Multiple Buffer Overflows
2008-02-05 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.769 High

EPSS

Percentile

98.2%

JSON
Related for SAINT:34C06EFA602AFC3EE1F7B1DB41CA1A94
cvelist1nvd1saint3kaspersky1prion1d21checkpoint_advisories2cve1cert1nessus1