Vulnerability Report

CVE-2008-0659

RCE

Title: Aurigma Image Uploader Activex Control RCE

RCE

Proof Of Concept

PoC Available for CVE-2008-0659

CWE Category CWE-119
Published Date Feb 08, 2008
Modified Date Apr 09, 2025
Exploit Status Available
Score 10.0 CVSS v2.0
Exploit Probability (EPSS)
40.22%

Vulnerability Summary

CVE-2008-0659: Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property.

Impacted Vendors

A
aurigma 1
M
myspace 1

Reference Links

http://blogs.aurigma.com/post/2008/01/Another-security-problem---oh%2c-not-again.aspx http://seclists.org/fulldisclosure/2008/Jan/0593.html http://secunia.com/advisories/28715 http://secunia.com/advisories/28733 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483 http://www.kb.cert.org/vuls/id/776931 http://www.securityfocus.com/bid/27533 http://www.vupen.com/english/advisories/2008/0344/references http://www.vupen.com/english/advisories/2008/0345/references https://exchange.xforce.ibmcloud.com/vulnerabilities/40118 https://www.exploit-db.com/exploits/5025 http://blogs.aurigma.com/post/2008/01/Another-security-problem---oh%2c-not-again.aspx http://seclists.org/fulldisclosure/2008/Jan/0593.html http://secunia.com/advisories/28715 http://secunia.com/advisories/28733 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483 http://www.kb.cert.org/vuls/id/776931 http://www.securityfocus.com/bid/27533 http://www.vupen.com/english/advisories/2008/0344/references http://www.vupen.com/english/advisories/2008/0345/references https://exchange.xforce.ibmcloud.com/vulnerabilities/40118 https://www.exploit-db.com/exploits/5025
CVSS v2.0
Source Entity [email protected]
Severity HIGH
10.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-0659 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/5025
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.