Photo Upload Plugin ActiveX Multiple Buffer Overflows

High Nessus Plugin ID 26063


The remote Windows host has an ActiveX control that is affected by multiple buffer overflow vulnerabilities.


The remote host contains the PhotoChannel Networks Photo Upload Plugin ActiveX control, which is used by multiple retailers for uploading photographs to photo centers.

The version of this control installed on the remote host reportedly contains multiple and as-yet unspecified overflows that could lead to arbitrary code execution on the affected system. However, successful exploitation requires that an attacker trick a user on the affected host into visiting a specially crafted web page.


Either upgrade to version or later of the control, disable its use from within Internet Explorer by setting its kill bit, or remove it completely.

Plugin Details

Severity: High

ID: 26063

File Name: photochannel_activex_overflows.nasl

Version: $Revision: 1.15 $

Type: local

Agent: windows

Family: Windows

Published: 2007/09/18

Modified: 2014/04/17

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2007/09/14

Reference Information

CVE: CVE-2007-0326

BID: 25685

OSVDB: 37958

CERT: 854769

CWE: 119