CVE-2008-0660

Aurigma Image Uploader ActiveX Control Stack-Based Buffer Overflow via ExtractExif/ExtractIptc

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0660. PoCs published by Elazar.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in the Aurigma ImageUploader ActiveX control (CVE-2008-5711). It uses a crafted HTML page with JavaScript to trigger the overflow, leveraging SEH overwrites and shellcode to achieve remote code execution.

Description

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Elazar · html · remote · windows
https://www.exploit-db.com/exploits/5049

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Aurigma ImageUploader4/5 (versions 4.5.57.0, 4.5.70.0, 4.5.126.0, 4.6.17.0, 5.0.10.0)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2008/Feb/0023.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0394/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27576
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28707
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0391/references
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28713
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5049
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27577
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019297
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/776931

Scores

EPSS 0.3776
EPSS Percentile 98.4%

Details

CWE: CWE-119
Status: published
Products (6)
aurigma/image_uploader_activex_control 4.5.70.0
aurigma/image_uploader_activex_control 4.5.126.0
aurigma/image_uploader_activex_control 4.6.17.0
aurigma/image_uploader_activex_control 5.0.10.0
facebook/facebook
facebook/photouploader 4.5.57.0
Published Feb 08, 2008
Tracked Since Feb 18, 2026