CVE-2008-0660

EUVD-2008-0670
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
aurigmaimage_uploader_activex_control
4.5.70.0
aurigmaimage_uploader_activex_control
4.5.126.0
aurigmaimage_uploader_activex_control
4.6.17.0
aurigmaimage_uploader_activex_control
5.0.10.0
facebookfacebook
*
facebookphotouploader
4.5.57.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2008/Feb/0023.html
http://secunia.com/advisories/28707
http://secunia.com/advisories/28713
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
http://www.kb.cert.org/vuls/id/776931
http://www.securityfocus.com/bid/27576
http://www.securityfocus.com/bid/27577
http://www.securitytracker.com/id?1019297
http://www.vupen.com/english/advisories/2008/0391/references
http://www.vupen.com/english/advisories/2008/0394/references
https://www.exploit-db.com/exploits/5049
http://seclists.org/fulldisclosure/2008/Feb/0023.html
http://secunia.com/advisories/28707
http://secunia.com/advisories/28713
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
http://www.kb.cert.org/vuls/id/776931
http://www.securityfocus.com/bid/27576
http://www.securityfocus.com/bid/27577
http://www.securitytracker.com/id?1019297
http://www.vupen.com/english/advisories/2008/0391/references
http://www.vupen.com/english/advisories/2008/0394/references
https://www.exploit-db.com/exploits/5049