HTTP: Aurigma Image Uploader Overflow

This signature detects attempts to exploit a known vulnerability in Aurigma's Image Uploader ActiveX control. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX call, which if accessed by a victim, allows the attacker to gain control of the victim's browser.

Extended Description

Aurigma Image Uploader ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. Versions prior to Aurigma Image Uploader 4.5.70 are affected. UPDATE (November 26, 2007): Reports indicate that this issue occurs because of a buffer-overflow issue that affects a Win32API method. This has not been confirmed. We will update this BID as more information emerges.

Affected Products

Aurigma image_uploader,Aurigma imageuploader

Short Name
HTTP:STC:ACTIVEX:AURIGMA
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Aurigma Image Overflow Uploader bid:26537
Release Date
12/26/2007
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Aurigma

Found a potential security threat?