SAINT Corporation (saint), SAINT:8EBDE6158992C5DFE28EEF221663C9D1
May 19, 2008 - 12:00 a.m.

Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow

my.saintcorporation.com

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.774
Percentile: 98.2%

Added: 05/19/2008
CVE: CVE-2008-0660
BID: 27576
OSVDB: 41073

Background

Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product.

Problem

A buffer overflow vulnerability in Facebook PhotoUploader allows command execution when a user loads a web page which sets a specially crafted ExtractIptc property.

Resolution

Upgrade to version 4.5.57.1 or higher.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2008-02/0024.html>
<http://secunia.com/advisories/28713>

Limitations

Exploit works on Facebook PhotoUploader 4.5.57.0 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
