Full Disclosure mailing list archives
FaceBook/Aurigma Image/PhotoUploader Buffer Overflow
From: "Elazar Broad" <elazar () hushmail com>
Date: Sun, 03 Feb 2008 19:36:07 +0000
Who: FaceBook http://www.facebook.com Aurigma http://www.aurigma.com What: FaceBook uses Aurigma's ImageUploader control. This control enables users to upload photos to FaceBook. How: Please note that this vulnerability is DIFFERENT than the one that I previously posted. This also affects the stock Aurigma ImageUploader control. The control is vulnerable to a stack-based buffer overflow in the ExtractExif and ExtractIptc properties. See the exploit code for buffer offsets. Other properties may be vulnerable as well to a DoS and/or code execution. The following controls are vulnerable, other version may be vulnerable as well: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} FaceBook PhotoUploader 4.5.57.0 {6E5E167B-1566-4316-B27F-0DDAB3484CF7} Aurigma ImageUploader4 4.6.17.0 Aurigma ImageUploader4 4.5.70.0 Aurigma ImageUploader4 4.5.126.0 {BA162249-F2C5-4851-8ADC-FC58CB424243} Aurigma ImageUploader5 5.0.10.0 The following controls are NOT vulnerable: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} FaceBook PhotoUploader 4.5.57.1 Fix: FaceBook PhotoUploader: Update to 4.5.57.1 Aurigma: No official fix known. Vendor has been notified Workaround: Set the killbit for these controls, see http://support.microsoft.com/kb/240797 Exploit: Code should be posted on milw0rm shortly Elazar -- Click here for free information on how to reduce your debt by filing for bankruptcy. http://tagline.hushmail.com/fc/Ioyw6h4elLzBhoUyndVr9y0FUHMKd5NvFr9ZX2hIQb9ucOEZJnaoSc/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FaceBook/Aurigma Image/PhotoUploader Buffer Overflow Elazar Broad (Feb 03)