MySpace Uploader ActiveX Control < 18.104.22.168 Action Property Buffer Overflow
High Nessus Plugin ID 30219
SynopsisThe remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.
DescriptionThe remote host contains a version of the MySpace Uploader ActiveX control (MySpace.Uploader.4.1) that reportedly is affected by a buffer overflow that can be triggered by assigning a string longer than 260 characters to certain properties, such as 'Action', 'ExtractIptc', and 'ExtractExif'. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to execute arbitrary code on the affected host subject to the user's privileges.
SolutionUpgrade to version 22.214.171.124 of the control as that reportedly resolves the issue.