CVE-2008-1490
Published: 2008-03-25
Priority: P2 · 66 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploited in the wild (ITW) · VulnCheck KEV
EPSS: 3.97% (89.2th percentile)
Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aurigma | image_uploader_activex_control | — | — |
| piczo | imageuploader4 | — | — |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck · 10.0 · CRITICAL
GHSA
GHSA-r8wh-xjhh-44p3: Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2008-1490 [CRITICAL] CWE-119 GHSA-r8wh-xjhh-44p3: Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4
VulnCheck
aurigma image_uploader_activex_control Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2008·CVSS 10.0
CVE-2008-1490 [CRITICAL] aurigma image_uploader_activex_control Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected: aurigma image_uploader_activex_control
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/
No detection rules found.
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=120605071403813&w=2
http://secunia.com/advisories/29445
http://www.securityfocus.com/bid/28354
https://exchange.xforce.ibmcloud.com/vulnerabilities/40152