Aurigma.Image.Uploader.ActiveX.Control

Name: Aurigma.Image.Uploader.ActiveX.Control.Code.Execution
Release Date: Feb 04, 2008
Severity: Critical
Impact: System Compromise: remote code execution.
Description: This indicates an attempt to exploit one of several buffer overflow vulnerabilities in Aurigma Image Uploader.

There are multiple stack-based buffer overflow vulnerabilities in an Aurigma Image Uploader ActiveX control, ImageUploader4.ocx, which is used by Facebook PhotoUploader. The vulnerabilities allow remote attackers to execute arbitrary code via long properties.
Affected Products:
Aurigma ImageUploader4 4.5.70.0 and 4.5.126.0
Aurigma ImageUploader4 4.6.17.0
Aurigma ImageUploader5 5.0.10.0
Facebook PhotoUploader 4.5.57.0
Recommended Actions: Update this ActiveX control to the latest version.
Common Vulnerabilities and Exposures (CVE): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0660
References:
http://www.securityfocus.com/bid/26537 (BugTraq)
http://www.securityfocus.com/bid/27534 (BugTraq)
http://www.securityfocus.com/bid/27539 (BugTraq)
http://www.vupen.com/english/advisories/2008/0391 (FrSIRT)
http://www.vupen.com/english/advisories/2008/0394 (FrSIRT)
http://milw0rm.org/exploits/5049
http://milw0rm.org/exploits/5102
Reference: VID-15383