FKIE_CVE-2008-0660

Vulnerability from fkie_nvd - Published: 2008-02-08 02:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
References
cve@mitre.orghttp://seclists.org/fulldisclosure/2008/Feb/0023.html
cve@mitre.orghttp://secunia.com/advisories/28707Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28713Vendor Advisory
cve@mitre.orghttp://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
cve@mitre.orghttp://www.kb.cert.org/vuls/id/776931US Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/27576
cve@mitre.orghttp://www.securityfocus.com/bid/27577
cve@mitre.orghttp://www.securitytracker.com/id?1019297
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0391/references
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0394/references
cve@mitre.orghttps://www.exploit-db.com/exploits/5049
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2008/Feb/0023.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28707Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28713Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/776931US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27576
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27577
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019297
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0391/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0394/references
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/5049
Impacted products
Vendor Product Version
aurigma image_uploader_activex_control 4.5.70.0
aurigma image_uploader_activex_control 4.5.126.0
aurigma image_uploader_activex_control 4.6.17.0
aurigma image_uploader_activex_control 5.0.10.0
facebook facebook *
facebook photouploader 4.5.57.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.70.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0556F443-8B5D-46E4-A6D1-B3C2233F12B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.126.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "862FFE86-B759-420B-A3A4-BBBAE22229A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aurigma:image_uploader_activex_control:4.6.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20F7FBFB-24AA-4CCB-8CEC-E1BC8682574B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aurigma:image_uploader_activex_control:5.0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F15B9A9B-3218-4E5F-ABFA-0D6BF1DBD926",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:facebook:facebook:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D21D43B-793C-4D67-A6EE-EEE7471920D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:facebook:photouploader:4.5.57.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA99512-97A0-453D-A142-5C743DD9D8D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en el control ActiveX de Aurigma Image Uploader (ImageUploader4.ocx) versiones 4.6.17.0, 4.5.70.0 y 4.5.126.0 y en ImageUploader5 5.0.10.0, tal y como se usa en Facebook PhotoUploader 4.5.57.0, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante valores largos en las propiedades (1) ExtractExif y (2) ExtractIptc."
    }
  ],
  "id": "CVE-2008-0660",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-02-08T02:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2008/Feb/0023.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28707"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9060483"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/776931"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27576"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27577"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019297"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0391/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0394/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2008/Feb/0023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9060483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/776931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0391/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0394/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5049"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.