
Facebook, MySpace Hit by Zero-Day Flaw


  • Facebook, MySpace Hit by Zero-Day Flaw

    Social networking most commonly translates to connections and even friendships online. Yet recent trends also point users toward system infection – with the ever growing number of subscribers to networking sites also comes a growing number of threats.

    Just a month ago, Facebook’s secret crush feature was discovered to be loading adware and spyware. Almost at that same time, MySpace was compromised when it was found to be laced with banner ads that install malicious files and programs.

    Now, a vulnerability in the image uploader used by MySpace and Facebook was recently discovered by security researchers, bringing about issues of the possibility of exploits and malicious users gaining access to affected systems.

    Aurigma’s Image Uploader Control Library was found to have a buffer overflow vulnerability that could be exploited by an unknown user to compromise systems. MySpace and Facebook use the application for their image uploading functions. Researchers are still trying to determine if only a version of the image downloader application had the ActiveX boundary error and if the said social networking sites are using secure versions.

    Trend Micro advises users to stand by for patches that would address this said vulnerability. Meanwhile, setting Internet and Local intranet security zone settings to “High” before running ActiveX controls in these zones will prove to be helpful in making one’s system more secure.

    Additional note

    The SANS Internet Storm Center (ISC) also notes today that there have been six (6) highly exploitable ActiveX vulnerabilities announced this week.

    Symantec is reporting that a total of six buffer-overflow vulnerabilities affecting a number of widely distributed ActiveX controls have been disclosed in the past week. We are unaware of any public exploitation of these vulnerabilities. However, the Symantec DeepSight team has confirmed that these issues can be used to execute code or crash the vulnerable applications.

    Admins are advised to set the kill bit for the following CLSIDs as soon as possible:
    Aurigma: CLSID 6E5E167B-1566-4316-B27F-0DDAB3484CF7 ('ImageUploader4.ocx')
    Aurigma: CLSID BA162249-F2C5-4851-8ADC-FC58CB424243 ('ImageUploader5')
    Facebook: CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0
    Yahoo! MediaGrid: CLSID 22FD7C0A-850C-4A53-9821-0B0915C96139
    Yahoo! DataGrid: CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C2.

    Security Awareness updates should be issued warning of ActiveX controls and safe browsing.
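
One way to apply the kill-bit advice above on a Windows host, as an added example that is not part of the original post or of any vendor's tooling. It assumes an elevated PowerShell prompt and Internet Explorer's standard `ActiveX Compatibility` registry key; the CLSIDs are copied as printed in the post, and any entry that does not parse as a GUID is skipped with a warning instead of being written.

```powershell
# Added example: set the ActiveX kill bit for the CLSIDs listed in the post.
# Run elevated; add -WhatIf to preview without writing to the registry.
[CmdletBinding(SupportsShouldProcess)]
param()

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating the control
$Clsids = @(       # copied as printed in the post
    '6E5E167B-1566-4316-B27F-0DDAB3484CF7'    # Aurigma ImageUploader4.ocx
    'BA162249-F2C5-4851-8ADC-FC58CB424243'    # Aurigma ImageUploader5
    '5C6698D9-7BE4-4122-8EC5-291D84DBD4A0'    # Facebook
    '22FD7C0A-850C-4A53-9821-0B0915C96139'    # Yahoo! MediaGrid
    '5F810AFC-BB5F-4416-BE63-E01DD117BD6C2'   # Yahoo! DataGrid: 13 digits in the last
)                                             # group as printed, so it is rejected below

# Native view plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path $_ }

foreach ($clsid in $Clsids) {
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($clsid, [ref]$guid)) {
        Write-Warning "Not a valid CLSID, skipped (check the vendor advisory): $clsid"
        continue
    }
    $name = $guid.ToString('B').ToUpper()     # registry key name form: {XXXXXXXX-...}
    foreach ($root in $Roots) {
        $key = Join-Path $root $name
        $old = 0
        if (Test-Path $key) {
            $p = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($p) { $old = [int]$p.'Compatibility Flags' }
        }
        if ($PSCmdlet.ShouldProcess($key, 'Set kill bit 0x400')) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any other compatibility flags already present survive.
            Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Type DWord -Value ($old -bor $KillBit)
        }
        # Read back what is actually in the registry now and report it.
        $now = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f [int]$now
            KillBitSet = ([int]$now -band $KillBit) -ne 0
        }
    }
}
```

The emitted objects double as an audit: any row with `KillBitSet` false after a real run means the write did not take effect for that registry view.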

  • #2
    Re: Facebook, MySpace Hit by Zero-Day Flaw

    Thanks for this PKea...I had trouble logging into FB earlier, but knew it wasn't just me as some friends had trouble too. Seems fine now though
    You can't scare me, I have children.
