CVE-2008-0660

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-0660
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://seclists.org/fulldisclosure/2008/Feb/0023.html
http://secunia.com/advisories/28707 Vendor Advisory
http://secunia.com/advisories/28713 Vendor Advisory
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
http://www.kb.cert.org/vuls/id/776931 US Government Resource
http://www.securityfocus.com/bid/27576
http://www.securityfocus.com/bid/27577
http://www.securitytracker.com/id?1019297
http://www.vupen.com/english/advisories/2008/0391/references
http://www.vupen.com/english/advisories/2008/0394/references
https://www.exploit-db.com/exploits/5049
http://seclists.org/fulldisclosure/2008/Feb/0023.html
http://secunia.com/advisories/28707 Vendor Advisory
http://secunia.com/advisories/28713 Vendor Advisory
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
http://www.kb.cert.org/vuls/id/776931 US Government Resource
http://www.securityfocus.com/bid/27576
http://www.securityfocus.com/bid/27577
http://www.securitytracker.com/id?1019297
http://www.vupen.com/english/advisories/2008/0391/references
http://www.vupen.com/english/advisories/2008/0394/references
https://www.exploit-db.com/exploits/5049
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.70.0:*:*:*:*:*:*:*
cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.126.0:*:*:*:*:*:*:*
cpe:2.3:a:aurigma:image_uploader_activex_control:4.6.17.0:*:*:*:*:*:*:*
cpe:2.3:a:aurigma:image_uploader_activex_control:5.0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:facebook:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:photouploader:4.5.57.0:*:*:*:*:*:*:*
History

21 Nov 2024, 00:42

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2008/Feb/0023.html - () http://seclists.org/fulldisclosure/2008/Feb/0023.html -
References () http://secunia.com/advisories/28707 - Vendor Advisory () http://secunia.com/advisories/28707 - Vendor Advisory
References () http://secunia.com/advisories/28713 - Vendor Advisory () http://secunia.com/advisories/28713 - Vendor Advisory
References () http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483 - () http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483 -
References () http://www.kb.cert.org/vuls/id/776931 - US Government Resource () http://www.kb.cert.org/vuls/id/776931 - US Government Resource
References () http://www.securityfocus.com/bid/27576 - () http://www.securityfocus.com/bid/27576 -
References () http://www.securityfocus.com/bid/27577 - () http://www.securityfocus.com/bid/27577 -
References () http://www.securitytracker.com/id?1019297 - () http://www.securitytracker.com/id?1019297 -
References () http://www.vupen.com/english/advisories/2008/0391/references - () http://www.vupen.com/english/advisories/2008/0391/references -
References () http://www.vupen.com/english/advisories/2008/0394/references - () http://www.vupen.com/english/advisories/2008/0394/references -
References () https://www.exploit-db.com/exploits/5049 - () https://www.exploit-db.com/exploits/5049 -
Information

Published : 2008-02-08 02:00

Updated : 2024-11-21 00:42

NVD link : CVE-2008-0660

Mitre link : CVE-2008-0660

CVE.ORG link : CVE-2008-0660

JSON object : View

Products Affected

facebook

  • photouploader
  • facebook

aurigma

  • image_uploader_activex_control
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024