CVE-2008-0660

Sažetak

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Reference

http://seclists.org/fulldisclosure/2008/Feb/0023.html
http://secunia.com/advisories/28707
http://secunia.com/advisories/28713
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
http://www.kb.cert.org/vuls/id/776931
http://www.securityfocus.com/bid/27576
http://www.securityfocus.com/bid/27577
http://www.securitytracker.com/id?1019297
http://www.vupen.com/english/advisories/2008/0391/references
http://www.vupen.com/english/advisories/2008/0394/references
https://www.exploit-db.com/exploits/5049

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:30

Objavljeno

08-02-2008 - 02:00