CVE-2008-0660
published 2008-02-08

CVE-2008-0660: Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5…

Priority: P357 (critical)
CVSS 2.0 base score: 9.3 (vector AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploit: EXPLOIT
EPSS: 37.76% (98.4th percentile)
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Affected (5 ranges)

Vendor     Product                          Version range   Fixed in
aurigma    image_uploader_activex_control
aurigma    image_uploader_activex_control
aurigma    image_uploader_activex_control
aurigma    image_uploader_activex_control
facebook   photouploader

Detection & IOCs (extracted from sources)

filename: ImageUploader4.ocx
version: ImageUploader4.ocx 4.5.57.0
  • Monitor instantiation of the vulnerable ActiveX control ImageUploader4.ocx (CLSIDs associated with Aurigma Image Uploader) in browser processes; exploitation occurs via overly long ExtractExif or ExtractIptc property values passed to the control.
  • Alert on heap spray patterns using repeated %u4141 NOP-sled sequences in browser scripting contexts, indicative of exploitation attempts against this ActiveX control.
  • Flag pages that attempt to create the Aurigma ImageUploader4 or ImageUploader5 ActiveX object and simultaneously set ExtractExif or ExtractIptc to abnormally long strings.
  • Multiple vulnerable versions exist across two product lines; ensure detection covers all listed versions of ImageUploader4.ocx (4.6.17.0, 4.5.70.0, 4.5.126.0) and ImageUploader5 (5.0.10.0), as well as the Facebook PhotoUploader repackaging (4.5.57.0).