| Name | MySpace.Uploader.Action.ActiveX.Control.Access |
| Release Date | Jan 31, 2008 |
| Severity | Critical |
| Impact | System Compromise: remote code execution. |
| Description | This indicates an attempt to exploit a buffer overflow vulnerability in the MySpace Uploader ActiveX Control.
The software is vulnerable to a buffer overflow when an attacker passes an overly long string to the 'Action' property. This can lead to arbitrary code execution on the target computer. |
| Affected Products | MySpaceUploader.ocx version 1.0.0.4
MySpaceUploader.ocx version 1.0.0.5 |
| Recommended Actions | Update this component when the update becomes available. For now set the kill bit on this ActiveX Control. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0659
|
| Reference/s | http://www.securityfocus.com/bid/27533 (BugTraq)
http://www.vupen.com/english/advisories/2008/0344 (FrSIRT)
http://milw0rm.org/exploits/5025
|