CVE-2008-5711

Facebook PhotoUploader <5.0.14.0 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16505

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by MC Group Ltd. · htmlremotewindows

https://www.exploit-db.com/exploits/5102

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Elazar · htmlremotewindows

https://www.exploit-db.com/exploits/5049

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/facebook_extractiptc.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://securityreason.com/securityalert/4805

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5102

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27756

Scores

EPSS 0.5568

EPSS Percentile 98.1%

Details

CWE

CWE-119

Status published

Products (2)

facebook/photouploader 4.5.57.0

facebook/photouploader < 5.0.14.0

Published Dec 24, 2008

Tracked Since Feb 18, 2026