CVE-2008-0660
FaceBook PhotoUploader - 'ImageUploader4.ocx 4.5.57.0' Remote Buffer Overflow
Severity Score: 9.3 (CVSS v2)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
*Credits:
N/A
Timeline
- 2008-02-07 CVE Reserved
- 2008-02-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-11-04 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (11)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2008/Feb/0023.html | Mailing List | |
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483 | X_refsource_misc | |
http://www.kb.cert.org/vuls/id/776931 | Third Party Advisory | |
http://www.securityfocus.com/bid/27576 | Vdb Entry | |
http://www.securityfocus.com/bid/27577 | Vdb Entry | |
http://www.securitytracker.com/id?1019297 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/0391/references | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/0394/references | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/5049 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/28707 | 2017-09-29 | |
http://secunia.com/advisories/28713 | 2017-09-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Aurigma | Image Uploader Activex Control | 4.5.70.0 | - | Affected |
Aurigma | Image Uploader Activex Control | 4.5.126.0 | - | Affected |
Aurigma | Image Uploader Activex Control | 4.6.17.0 | - | Affected |
Aurigma | Image Uploader Activex Control | 5.0.10.0 | - | Affected |
Facebook | Facebook | * | - | Affected |
Facebook | Photouploader | 4.5.57.0 | - | Affected |