Recent Flaw with some ActiveX controls (Facebook, Yahoo) - how is itexploited

[brightwell_151@yahoo.co.uk]

I'm aware of the recently alerted flaw in the image uploder ActiveX
control used by some popular social networking sites. But I haven't
found technical details to explain where the risk actually lies...

Is it in the Uploader talking to a malicious download application or
is it the Uploader opening a malicious image file. Or is there a
different attack vector?

I don't suppose Facebook or MySpace would intentioanlly post a
malicous download element to the Uploader - although someone could
spoof one of these sites to get at an unsuspecting user.

Or if it is crafted image files that we are worried about then as long
as users stick to pictures which they know to be ok (such a photos
they've taken themselves) then surely the risk is quite low.

I'm guessing that the risk is related to the first mentioned above in
that a malicious site could invoke the ActiveX control and then pass
it crafted information- is that right?

Thanks

 

[MowGreen [MVP]]

Re: Recent Flaw with some ActiveX controls (Facebook, Yahoo) - howis it exploited

Original Advisory: MySpace Uploader ActiveX Control Buffer Overflow
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059980.html

MySpace Uploader Control ActiveX Control Property Handling Buffer
Overflow http://secunia.com/advisories/28715/

Original: FaceBook/Aurigma Image/PhotoUploader Buffer Overflow
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060025.html

Facebook Photo Uploader ActiveX Control Property Handling Buffer
Overflow http://secunia.com/advisories/28713/


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============


brightwell_151@yahoo.co.uk wrote:

> I'm aware of the recently alerted flaw in the image uploder ActiveX
> control used by some popular social networking sites. But I haven't
> found technical details to explain where the risk actually lies...
>
> Is it in the Uploader talking to a malicious download application or
> is it the Uploader opening a malicious image file. Or is there a
> different attack vector?
>
> I don't suppose Facebook or MySpace would intentioanlly post a
> malicous download element to the Uploader - although someone could
> spoof one of these sites to get at an unsuspecting user.
>
> Or if it is crafted image files that we are worried about then as long
> as users stick to pictures which they know to be ok (such a photos
> they've taken themselves) then surely the risk is quite low.
>
> I'm guessing that the risk is related to the first mentioned above in
> that a malicious site could invoke the ActiveX control and then pass
> it crafted information- is that right?
>
> Thanks
>

 

[brightwell_151@yahoo.co.uk]

Re: Recent Flaw with some ActiveX controls (Facebook, Yahoo) - how isit exploited

On Feb 11, 11:19 pm, "MowGreen [MVP]" <mowgr...@nowandzen.com> wrote:
> Original Advisory: MySpace Uploader ActiveX Control Buffer Overflowhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-January/05998...
>
> MySpace Uploader Control ActiveX Control Property Handling Buffer
> Overflow        http://secunia.com/advisories/28715/
>
> Original:FaceBook/Aurigma Image/PhotoUploader Buffer Overflowhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-February/0600...
>
> FacebookPhoto Uploader ActiveX Control Property Handling Buffer
> Overflow        http://secunia.com/advisories/28713/
>
> MowGreen  [MVP 2003-2008]
> ===============
>   *-343-*  FDNY
> Never Forgotten
> ===============
>
>
>
> brightwell_...@yahoo.co.uk wrote:
> > I'm aware of the recently alerted flaw in the image uploder ActiveX
> > control used by some popular social networking sites. But I haven't
> > found technical details to explain where the risk actually lies...
>
> > Is it in the Uploader talking to a malicious download application or
> > is it the Uploader opening a malicious image file. Or is there a
> > different attack vector?
>
> > I don't supposeFacebookor MySpace would intentioanlly post a
> > malicous download element to the Uploader - although someone could
> > spoof one of these sites to get at an unsuspecting user.
>
> > Or if it is crafted image files that we are worried about then as long
> > as users stick to pictures which they know to be ok (such a photos
> > they've taken themselves) then surely the risk is quite low.
>
> > I'm guessing that the risk is related to the first mentioned above in
> > that a malicious site could invoke the ActiveX control and then pass
> > it crafted information- is that right?
>
> > Thanks- Hide quoted text -
>
> - Show quoted text -

Thanks for your interest and response but I don't see how this
addresses my point - I've checked the links (of which only one appears
to refer Facebook ActiveX vulnerability).

I already knew that it was a buffer overflow in the ActiveX control
but I don't know what tirggers the overflow

1. A malicious Download agent on the Server
or
2. A crafted image file
or
3. something else

If it is the first two then I'm not so worried - because I doubt that
Facebook (assuming I'm not misdirected) would attack me with a
malicious agent and I'm also confident of the sources of any images I
care to upload (i.e. they will come from my camera).

If it is '3' (something else) then maybe I should be worried - but I
have not got an answer to that.

Does anyone have such an answer?

Thanks