CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-0660

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile43.95th
Published2008年2月8日
Last Modified2026年4月23日

Vulnerability Description

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Affected Platforms (CPE)

📦
Aurigma

Image Uploader Activex Control

= 4.5.70.0
📦
Aurigma

Image Uploader Activex Control

= 4.5.126.0
📦
Aurigma

Image Uploader Activex Control

= 4.6.17.0
📦
Aurigma

Image Uploader Activex Control

= 5.0.10.0
📦
Facebook

Facebook

All versions
📦
Facebook

Photouploader

= 4.5.57.0

References & Advisories

🔗 http://seclists.org/fulldisclosure/2008/Feb/0023.html
🔗 http://secunia.com/advisories/28707
🔗 http://secunia.com/advisories/28713
🔗 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
🔗 http://www.kb.cert.org/vuls/id/776931
🔗 http://www.securityfocus.com/bid/27576
🔗 http://www.securityfocus.com/bid/27577
🔗 http://www.securitytracker.com/id?1019297

相关漏洞威胁

CVE-2008-065910.0

Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace ...

CVE-2008-66388.8

Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote att...

CVE-2008-44936.8

Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows ...

CVE-2008-45492.6

The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows re...