Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product.
A buffer overflow vulnerability in Facebook PhotoUploader allows command execution when a user loads a web page which sets a specially crafted ExtractIptc property.
Upgrade to version 22.214.171.124 or higher.
Exploit works on Facebook PhotoUploader 126.96.36.199 and requires a user to load the exploit page in Internet Explorer.