Exploitation Summary
CVE-2008-1490 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28354
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40152
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=120605071403813&w=2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29445
Scores
EPSS
0.0397
EPSS Percentile
89.3%
Details
VulnCheck KEV
2010-05-01
CWE
CWE-119
Status
published
Products (2)
aurigma/image_uploader_activex_control
4.1.36.0
piczo/imageuploader4
4.1.36.0
Published
Mar 25, 2008
Tracked Since
Feb 18, 2026