imageuploader

Facebook, MySpace image uploaders vulnerable to attack

Updated at 3:37 p.m. PST with statement from MySpace and Facebook.

Within the last week, researcher Elazar Broad has disclosed two ActiveX vulnerabilities in the tools that MySpace.com and Facebook users use to upload images to their sites. On Sunday, Broad disclosed a buffer overflow vulnerability within the Facebook image upload control. Last week, Broad disclosed a similar buffer overflow flaw within MySpaceAurigma's ImageUploader ActiveX; the MySpace vulnerability also affects Facebook users.

Facebook and MySpace use controls repackaged from Aurigma Imaging Technology. Vulnerable to the recent attack scenario are FaceBook PhotoUploader 4.5.57.0, Aurigma … Read more

Originally posted at Defense in Depth

February 4, 2008 10:51 AM PST By Robert Vamosi

Topics:

Browsers and extensions,

Security

Tags:

security,

Facebook,

Myspace,

Aurigma Imaging Technologies,

ImageUploader,

Elazar Broad