CyberSec.Space Logo
Back to CVE Browser

CVE-2008-0660

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile43.95th
PublishedFeb 8, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Affected Platforms (CPE)

πŸ“¦
Aurigma

Image Uploader Activex Control

= 4.5.70.0
πŸ“¦
Aurigma

Image Uploader Activex Control

= 4.5.126.0
πŸ“¦
Aurigma

Image Uploader Activex Control

= 4.6.17.0
πŸ“¦
Aurigma

Image Uploader Activex Control

= 5.0.10.0
πŸ“¦
Facebook

Facebook

All versions
πŸ“¦
Facebook

Photouploader

= 4.5.57.0

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2008/Feb/0023.html
πŸ”— http://secunia.com/advisories/28707
πŸ”— http://secunia.com/advisories/28713
πŸ”— http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
πŸ”— http://www.kb.cert.org/vuls/id/776931
πŸ”— http://www.securityfocus.com/bid/27576
πŸ”— http://www.securityfocus.com/bid/27577
πŸ”— http://www.securitytracker.com/id?1019297

Related Vulnerabilities

CVE-2008-065910.0

Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace ...

CVE-2008-66388.8

Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote att...

CVE-2008-44936.8

Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows ...

CVE-2008-45492.6

The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows re...