CVE-2008-0659

Aurigma Image Uploader ActiveX Control <= 4.5.70 - Stack-based Buffer Overflow via Action Property

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0659. PoCs published by Elazar.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in MySpace Uploader ActiveX control (MySpaceUploader.ocx) and Aurigma ImageUploader4.ocx. It uses heap spraying to achieve remote code execution via a maliciously crafted HTML page.

Description

Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Elazar · htmlremotewindows

https://www.exploit-db.com/exploits/5025

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in MySpace Uploader ActiveX control (MySpaceUploader.ocx) and Aurigma ImageUploader4.ocx. It uses heap spraying to achieve remote code execution via a maliciously crafted HTML page.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: MySpace Uploader ActiveX Control (version 1.0.0.4) and Aurigma ImageUploader4.ocx (version 4.5.70.0)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 on Windows XP SP2 · ActiveX controls must be enabled

MITRE ATT&CK