Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow

Added: 05/19/2008
CVE: CVE-2008-0660
BID: 27576
OSVDB: 41073

Background

Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product.

Problem

A buffer overflow vulnerability in Facebook PhotoUploader allows command execution when a user loads a web page which sets a specially crafted ExtractIptc property.

Resolution

Upgrade to version 4.5.57.1 or higher.

References

http://archives.neohapsis.com/archives/fulldisclosure/2008-02/0024.html
http://secunia.com/advisories/28713

Limitations

Exploit works on Facebook PhotoUploader 4.5.57.0 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows

Back to exploit index