Detections
Analytics

CVE-2008-0660

critical

Description

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

References

https://www.exploit-db.com/exploits/5049

http://www.vupen.com/english/advisories/2008/0394/references

http://www.vupen.com/english/advisories/2008/0391/references

http://www.securitytracker.com/id?1019297

http://www.securityfocus.com/bid/27577

http://www.securityfocus.com/bid/27576

http://www.kb.cert.org/vuls/id/776931

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483

http://secunia.com/advisories/28713

http://secunia.com/advisories/28707

http://seclists.org/fulldisclosure/2008/Feb/0023.html

Details

Source: Mitre, NVD

Published: 2008-02-08

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical