Exploitation Summary
EIP tracks 4 public exploits for CVE-2008-5711.
PoCs published by Metasploit, MC Group Ltd., Elazar, including Metasploit module exploits/windows/browser/facebook_extractiptc.
AI-analyzed exploit summary This exploit targets a stack buffer overflow in the Facebook Photo Uploader 4 ActiveX control via the 'ExtractIptc' property. It delivers a payload through a malicious HTML page, leveraging a long string to overflow the buffer and execute arbitrary code.
Description
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
Exploits (4)
This exploit targets a stack buffer overflow in the Facebook Photo Uploader 4 ActiveX control via the 'ExtractIptc' property. It delivers a payload through a malicious HTML page, leveraging a long string to overflow the buffer and execute arbitrary code.
This exploit targets a heap spray vulnerability in the ActiveX control (clsid:5C6698D9-7BE4-4122-8EC5-291D84DBD4A0) to achieve remote code execution by overwriting memory with shellcode that launches calc.exe.
This exploit targets a buffer overflow vulnerability in the Aurigma ImageUploader ActiveX control (CVE-2008-5711). It uses a crafted HTML page with JavaScript to trigger the overflow, leveraging SEH overwrites and shellcode to achieve remote code execution.
This Metasploit module exploits a stack buffer overflow in Facebook Photo Uploader 4 ActiveX control via an overly long string to the 'ExtractIptc()' property, leading to arbitrary code execution.