Описание
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
Ссылки
- Vendor Advisory
- Vendor Advisory
- US Government Resource
- Vendor Advisory
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.70.0:*:*:*:*:*:*:*
cpe:2.3:a:aurigma:image_uploader_activex_control:4.5.126.0:*:*:*:*:*:*:*
cpe:2.3:a:aurigma:image_uploader_activex_control:4.6.17.0:*:*:*:*:*:*:*
cpe:2.3:a:aurigma:image_uploader_activex_control:5.0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:facebook:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:photouploader:4.5.57.0:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.54394
Средний
9.3 Critical
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
почти 4 года назад
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
EPSS
Процентиль: 98%
0.54394
Средний
9.3 Critical
CVSS2
Дефекты
CWE-119