[ insider_reports_insider ]
Facebook May Suffer Image Uploader Flaw
David Utter
Staff Writer
2008-02-05
 Insider Reports RSS Feed
An unpatched vulnerability in an Active X library for an image uploading tool used by the social networking site has exploit code in the wild.
 | | Facebook May Suffer Image Uploader Flaw |  |
If exploited, the buffer overflow in Aurigma's ImageUploader ActiveX control could permit the execution of arbitrary code on a vulnerable system. An advisory from US-CERT said a solution is not yet available, and advised a series of workarounds to prevent the flaw from being impacted.
However, the extent of the problem may be limited. Aurigma's blog said only a single version of the control, version 4.5.70, suffers the flaw. Later builds including version 5 of the Image Uploader is not affected, nor is an earlier build, version 3.5.
Aurigma also said this was only the second flaw found in the five years Image Uploader has been available.
Active X has had a rough week on the vulnerability front. Trend Micro noted a half-dozen new ones reported by SANS this week.
MySpace also uses the Image Uploader tool. However, Secunia reports that the version in use by MySpace has been patched and is not affected by the problem.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
