CVE-2008-0660

Description

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Affected Software
References

Software	From	Fixed in
aurigma / image_uploader_activex_control	4.5.126.0	4.5.126.0.x
aurigma / image_uploader_activex_control	4.5.70.0	4.5.70.0.x
aurigma / image_uploader_activex_control	4.6.17.0	4.6.17.0.x
aurigma / image_uploader_activex_control	5.0.10.0	5.0.10.0.x
facebook / facebook	-	-
facebook / photouploader	4.5.57.0	4.5.57.0.x

http://seclists.org/fulldisclosure/2008/Feb/0023.html
http://secunia.com/advisories/28707
http://secunia.com/advisories/28713
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
http://www.kb.cert.org/vuls/id/776931
http://www.securityfocus.com/bid/27576
http://www.securityfocus.com/bid/27577
http://www.securitytracker.com/id?1019297
http://www.vupen.com/english/advisories/2008/0391/references
http://www.vupen.com/english/advisories/2008/0394/references
https://www.exploit-db.com/exploits/5049

Severity: High

CVE: CVE-2008-0660
Published: Feb 8, 2008
Updated: Apr 13, 2023
Exploit:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119

CVE-2008-0660

Description

Details

CVSS v2

CWEs