Vulnerability Details CVE-2008-0660
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.571
EPSS Ranking 98.0%
CVSS Severity
CVSS v2 Score 9.3
References
- http://seclists.org/fulldisclosure/2008/Feb/0023.html
- http://secunia.com/advisories/28707
- http://secunia.com/advisories/28713
- http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
- http://www.kb.cert.org/vuls/id/776931
- http://www.securityfocus.com/bid/27576
- http://www.securityfocus.com/bid/27577
- http://www.securitytracker.com/id?1019297
- http://www.vupen.com/english/advisories/2008/0391/references
- http://www.vupen.com/english/advisories/2008/0394/references
- https://www.exploit-db.com/exploits/5049
- http://seclists.org/fulldisclosure/2008/Feb/0023.html
- http://secunia.com/advisories/28707
- http://secunia.com/advisories/28713
- http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
- http://www.kb.cert.org/vuls/id/776931
- http://www.securityfocus.com/bid/27576
- http://www.securityfocus.com/bid/27577
- http://www.securitytracker.com/id?1019297
- http://www.vupen.com/english/advisories/2008/0391/references
- http://www.vupen.com/english/advisories/2008/0394/references
- https://www.exploit-db.com/exploits/5049
Products affected by CVE-2008-0660
-
cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.126.0
-
cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.70.0
-
cpe:2.3:a:aurigma:image_uploader_activex_control:4.6.17.0
-
cpe:2.3:a:aurigma:image_uploader_activex_control:5.0.10.0
-
cpe:2.3:a:facebook:facebook:1.7.16
-
cpe:2.3:a:facebook:facebook:1.7.17
-
cpe:2.3:a:facebook:facebook:1.7.18
-
cpe:2.3:a:facebook:facebook:1.7.19
-
cpe:2.3:a:facebook:facebook:1.7.20
-
cpe:2.3:a:facebook:facebook:1.7.21
-
cpe:2.3:a:facebook:facebook:1.7.22
-
cpe:2.3:a:facebook:facebook:1.7.23
-
cpe:2.3:a:facebook:facebook:1.7.24
-
cpe:2.3:a:facebook:facebook:1.7.25
-
cpe:2.3:a:facebook:facebook:1.8.0
-
cpe:2.3:a:facebook:facebook:2.0.0
-
cpe:2.3:a:facebook:facebook:2.0.1
-
cpe:2.3:a:facebook:facebook:2.0.2
-
cpe:2.3:a:facebook:facebook:2.1.0
-
cpe:2.3:a:facebook:facebook:2.2.0
-
cpe:2.3:a:facebook:facebook:2.2.1
-
cpe:2.3:a:facebook:facebook:2.2.2
-
cpe:2.3:a:facebook:facebook:3.0.0
-
cpe:2.3:a:facebook:facebook:3.0.1
-
cpe:2.3:a:facebook:facebook:3.0.2
-
cpe:2.3:a:facebook:facebook:3.0.3
-
cpe:2.3:a:facebook:facebook:3.0.4
-
cpe:2.3:a:facebook:photouploader:4.5.57.0