Signature Detail
Short Name |
HTTP:STC:ACTIVEX:AURIGMA |
|---|---|
Severity |
High |
Recommended |
No |
Category |
HTTP |
Keywords |
Aurigma Image Uploader Overflow |
Release Date |
2007/12/26 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Aurigma Image Uploader Overflow
This signature detects attempts to exploit a known vulnerability in Aurigma's Image Uploader ActiveX control. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX call, which if accessed by a victim, allows the attacker to gain control of the victim's browser.
Extended Description
Aurigma Image Uploader ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. Versions prior to Aurigma Image Uploader 4.5.70 are affected. UPDATE (November 26, 2007): Reports indicate that this issue occurs because of a buffer-overflow issue that affects a Win32API method. This has not been confirmed. We will update this BID as more information emerges.
Affected Products
- Aurigma ImageUploader 4.1.20
- Aurigma ImageUploader 4.1.21.0
- Aurigma ImageUploader 4.5.50.0
- Aurigma Image Uploader 4.1
References