CVE-2008-0660: Buffer Overflow
First published: Fri Feb 08 2008(Updated: )
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Photochannel Pni Digital Media Upload Plugin Activex Control | =4.5.70.0 | |
| Photochannel Pni Digital Media Upload Plugin Activex Control | =4.5.126.0 | |
| Photochannel Pni Digital Media Upload Plugin Activex Control | =4.6.17.0 | |
| Photochannel Pni Digital Media Upload Plugin Activex Control | =5.0.10.0 | |
| Facebook PhotoUploader | =4.5.57.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2008/Feb/0023.html
- http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
- http://www.kb.cert.org/vuls/id/776931
- http://www.securitytracker.com/id?1019297
- http://secunia.com/advisories/28707
- http://secunia.com/advisories/28713
- http://www.securityfocus.com/bid/27577
- http://www.securityfocus.com/bid/27576
- http://www.vupen.com/english/advisories/2008/0394/references
- http://www.vupen.com/english/advisories/2008/0391/references
- https://www.exploit-db.com/exploits/5049
Frequently Asked Questions
What is the severity of CVE-2008-0660?
CVE-2008-0660 has a critical severity rating due to the potential for remote code execution.
How do I fix CVE-2008-0660?
To mitigate CVE-2008-0660, users should update to the latest version of Aurigma Image Uploader ActiveX control or disable ActiveX controls in their web browser.
Which versions are affected by CVE-2008-0660?
CVE-2008-0660 affects Aurigma Image Uploader ActiveX control versions 4.5.70.0, 4.5.126.0, 4.6.17.0 and 5.0.10.0, as well as Facebook PhotoUploader version 4.5.57.0.
What types of attacks can exploit CVE-2008-0660?
CVE-2008-0660 can be exploited through specially crafted calls to the ExtractExif and ExtractIp functions, leading to arbitrary code execution.
Is there a workaround for CVE-2008-0660?
As a temporary workaround for CVE-2008-0660, users can limit the use of the Aurigma Image Uploader by avoiding untrusted uploads.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/aurigma
- canonical/photochannel pni digital media upload plugin activex control
- version/photochannel pni digital media upload plugin activex control/4.5.70.0
- version/photochannel pni digital media upload plugin activex control/4.5.126.0
- version/photochannel pni digital media upload plugin activex control/4.6.17.0
- version/photochannel pni digital media upload plugin activex control/5.0.10.0
- vendor/facebook
- canonical/facebook
- canonical/facebook photouploader
- version/facebook photouploader/4.5.57.0