CVE-2008-0660

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Published: Feb 8, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0660
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
aurigma / image_uploader_activex_control	4.5.70.0	4.5.70.0.x
facebook / facebook	-	-
aurigma / image_uploader_activex_control	4.5.126.0	4.5.126.0.x
aurigma / image_uploader_activex_control	5.0.10.0	5.0.10.0.x
aurigma / image_uploader_activex_control	4.6.17.0	4.6.17.0.x
facebook / photouploader	4.5.57.0	4.5.57.0.x

http://seclists.org/fulldisclosure/2008/Feb/0023.html
http://secunia.com/advisories/28707
http://secunia.com/advisories/28713
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
http://www.kb.cert.org/vuls/id/776931
http://www.securityfocus.com/bid/27576
http://www.securityfocus.com/bid/27577
http://www.securitytracker.com/id?1019297
http://www.vupen.com/english/advisories/2008/0391/references
http://www.vupen.com/english/advisories/2008/0394/references
https://www.exploit-db.com/exploits/5049

Vulnerability Database

289,599

CVE-2008-0660