Who:
FaceBook
http://www.facebook.com
Aurigma
http://www.aurigma.com
What:
FaceBook uses Aurigma's ImageUploader control. This control enables
users to upload photos to FaceBook.
How:
Please note that this vulnerability is DIFFERENT than the one that
I previously posted. This also affects the stock Aurigma
ImageUploader control.
The control is vulnerable to a stack-based buffer overflow in the
ExtractExif and ExtractIptc properties. See the exploit code for
buffer offsets. Other properties may be vulnerable as well to a DoS
and/or code execution.
The following controls are vulnerable, other version may be
vulnerable as well:
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}
FaceBook PhotoUploader 4.5.57.0
{6E5E167B-1566-4316-B27F-0DDAB3484CF7}
Aurigma ImageUploader4 4.6.17.0
Aurigma ImageUploader4 4.5.70.0
Aurigma ImageUploader4 4.5.126.0
{BA162249-F2C5-4851-8ADC-FC58CB424243}
Aurigma ImageUploader5 5.0.10.0
The following controls are NOT vulnerable:
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}
FaceBook PhotoUploader 4.5.57.1
Fix:
FaceBook PhotoUploader: Update to 4.5.57.1
Aurigma: No official fix known. Vendor has been notified
Workaround:
Set the killbit for these controls, see
http://support.microsoft.com/kb/240797
Exploit:
Code should be posted on milw0rm shortly
Elazar
--
Click here for free information on how to reduce your debt by filing for bankruptcy.
http://tagline.hushmail.com/fc/Ioyw6h4elLzBhoUyndVr9y0FUHMKd5NvFr9ZX2hIQb9ucOEZJnaoSc/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Feb 03 2008
Intro
