CVE-2009-1567 Information

Description

Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3 and 2.2.0.6 allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL (2) ConnectURL (3) SkinURL (4) AlbumCreateURL (5) ErrorURL or (6) httpsinglehost property value.

Reference

http://secunia.com/advisories/37138 http://secunia.com/advisories/37492 http://secunia.com/secunia_research/2009-41/ http://www.securityfocus.com/archive/1/508169/100/0/threaded http://www.securityfocus.com/bid/37187 http://www.vupen.com/english/advisories/2009/3376 http://www.vupen.com/english/advisories/2009/3377