Facebook image uploader: The flaws continue


Summary: Security researcher Elazar Broad has found another vulnerability in Facebook's Aurigma ImageUploader control. And these vulnerabilities are stacking up.


Security researcher Elazar Broad has found another vulnerability in Facebook's Aurigma ImageUploader control.

And these vulnerabilities are stacking up. In an advisory on the Full Disclosure email list on Sunday, Broad wrote:

The control is vulnerable to a stack-based buffer overflow in the ExtractExif and ExtractIptc properties. See the exploit code for buffer offsets. Other properties may be vulnerable as well to a DoS and/or code execution.

The affected controls, distributed by Aurigma Imaging Technology, include: FaceBook PhotoUploader 4.5.57.0, Aurigma ImageUploader4 4.6.17.0, Aurigma ImageUploader4 4.5.70.0, Aurigma ImageUploader4 4.5.126.0 and Aurigma ImageUploader5 5.0.10.0. On the bright side, FaceBook PhotoUploader 4.5.57.1 is not vulnerable, so upgrade pronto.

Broad noted that the latest flaw is different from the photo uploader issues he flagged last week affecting Facebook and MySpace. Last week, Broad flagged ActiveX photo uploader tools distributed by Aurigma Imaging Technology. Those attacks could allow rigged Web pages to hit Windows systems.

There are two fixes here. You can disable the uploader tools involved in the aforementioned flaws or disable ActiveX components. Here's a Microsoft walkthrough. Given how these vulnerabilities are springing up at a rapid clip, you may just want to disable ActiveX.
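One way to disable a single control rather than all of ActiveX is Internet Explorer's kill bit, set per CLSID in the registry. The PowerShell below is an added example, not part of the original article or of Microsoft's walkthrough; the CLSID is a placeholder because the article does not give the uploader control's CLSID, and the parameter names are this example's own.

```powershell
# Added example: report, and optionally set, the IE kill bit for one ActiveX control.
# Setting the value requires an elevated (administrator) session.
param(
    # Placeholder CLSID: replace with the CLSID of the control you want to block.
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}',
    [switch]$Apply   # without -Apply the script only reports the current state
)

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating the control
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Registry view used by 32-bit IE on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on this system

    $key   = Join-Path $root $Clsid
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }

    if ($Apply -and (($flags -band $KillBit) -eq 0)) {
        # Create the per-CLSID key if needed, then OR the kill bit into any existing flags.
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $flags = $flags -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $flags -Force | Out-Null
    }

    [pscustomobject]@{
        RegistryKey = $key
        Flags       = '0x{0:X8}' -f $flags
        KillBitSet  = (($flags -band $KillBit) -ne 0)
    }
}
```

Run it once without `-Apply` to audit both registry views, then again with `-Apply` from an elevated prompt; a control is only blocked in a given view when `KillBitSet` reports `True` for that view.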


Talkback

4 comments
  • Or maybe just drop facebook

    .. and spend your time doing something useful instead of pimping your life to everyone who doesn't have the heart to say they couldn't care less about the mundane details of your life.
    croberts
    • Applauds croberts

      facebook is ok if used properly! I have a "friend" who uses every add-on and sends me roses, beer, wants to know what colour condom I am, etc etc.

      time to get a life, buddy!!!
      tony_rly@...
  • RE: Facebook image uploader: The flaws continue

    Great article!
    johndavid_77@...