CVE-2008-0660 – FaceBook PhotoUploader - 'ImageUploader4.ocx 4.5.57.0' Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-0660

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties. Múltiples desbordamientos de búfer basados en pila en el control ActiveX de Aurigma Image Uploader (ImageUploader4.ocx) versiones 4.6.17.0, 4.5.70.0 y 4.5.126.0 y en ImageUploader5 5.0.10.0, tal y como se usa en Facebook PhotoUploader 4.5.57.0, permiten a atacantes remotos ejecutar código de su elección mediante valores largos en las propiedades (1) ExtractExif y (2) ExtractIptc. • https://www.exploit-db.com/exploits/5049 http://seclists.org/fulldisclosure/2008/Feb/0023.html http://secunia.com/advisories/28707 http://secunia.com/advisories/28713 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483 http://www.kb.cert.org/vuls/id/776931 http://www.securityfocus.com/bid/27576 http://www.securityfocus.com/bid/27577 http://www.securitytracker.com/id?1019297 http://www.vupen.com/english/advisories/2008/0391/references http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •