Facebook hack: A New Vulnerability That Allows Novices to Stage Easy and Powerful Attacks

Facebook - The Easiest Site to Hack

According to an article on pcworld.in written by Carrie-Ann Skinner, it seems that social networking sites (including Facebook) are vulnerable to a buffer overflow in the Aurigma ActiveX image uploading software.

Aurigma ActiveX Image Uploader is an ActiveX control that provides the ability to upload pictures from the Internet Explorer browser to a remote machine. This ActiveX control is used by multiple websites including Facebook.

This vulnerability may allow an attacker to gain full remote access to the system with the user's privileges.

This concerns the Facebook PhotoUploader <= 4.5 and Aurigma ImageUploader <= 4.6.

According to Rob Rachwald from Fortify Software:

“This exploit is being used in a hacker toolkit currently being offered for download on several Chinese language sites, meaning that novices have been able to stage these attacks, and not just professional hackers.”

“Had Facebook and MySpace required Aurigma to provide proof of a code audit before sourcing the plug-in this latest security issue could have been avoided.”

What is a buffer overflow?

A buffer is a region of memory (usually computer memory) that temporarily holds data during the execution of a routine (or a program) so that the data can be used later.

For instance, if you make the following operation mentally:

(2+3)*6

you will probably do 2+3 mentally and temporarily store 5 in your head. Then you will multiply 5 by 6 and give the result. So during this procedure you put 5 in your “biological” buffer.

So now that you understand what a buffer is, let's go to the next step. In programming, buffers are by definition static, which means that their size does not change over time.

So a buffer overflow happens when data can be written “above” the static limit of the buffer in question. This is usually due to a programming mistake.

Sometimes, when found by a malicious person, this mistake may be exploited to read and write a completely different part of the memory. That’s what is called a buffer overflow exploit.

For more technical information about this subject, you can follow the following link on Wikipedia.

 

The Aurigma ImageUploader ActiveX control stack buffer overflows:

According to kb.cert.org:

 

“Aurigma ImageUploader is an ActiveX control that provides the ability to upload pictures using the Internet Explorer web browser. The Aurigma ImageUploader ActiveX control is used by multiple web sites, such as Facebook and MySpace. This ActiveX control contains multiple stack buffer overflows in several properties, including Action, ExtractExif, and ExtractIptc. Limited testing has shown that versions up to and including version 5.0.30 may be vulnerable.”

The exploit code is publicly available.

 

Solutions:

You may disable the Aurigma ActiveX controls in Internet Explorer by setting the kill bit for the affected ActiveX control, following the instructions in www.kb.cert.org document 776931 and in Microsoft Support Document 240797.

You may disable ActiveX controls in the Internet zone of your browser.
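
One way to apply the kill-bit mitigation described above, as an added example (not taken from the US-CERT note or the Microsoft document). It sets the kill bit, which is the 0x400 bit of the "Compatibility Flags" registry value, for each CLSID it is given, in both the native and the 32-bit registry views, then reads it back. The CLSID shown is a placeholder; the real values must come from the advisory.

```powershell
# Added example: set and verify the Internet Explorer kill bit for ActiveX CLSIDs.
# Run from an elevated PowerShell prompt. The default CLSID is a placeholder.
param(
    [string[]]$Clsid = @('{00000000-0000-0000-0000-000000000000}')  # placeholder
)

$KillBit   = 0x400                  # flag that stops IE from instantiating the control
$ValueName = 'Compatibility Flags'
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-Flags {
    param([string]$Key)
    # Returns 0 when the key or the value does not exist yet.
    $p = Get-ItemProperty -LiteralPath $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $p) { [int]$p.$ValueName } else { 0 }
}

foreach ($id in $Clsid) {
    # Refuse anything that is not a brace-wrapped GUID, so a typo cannot
    # create an arbitrary key under the ActiveX Compatibility branch.
    if ($id -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        Write-Warning "Skipping malformed CLSID: $id"
        continue
    }
    foreach ($root in $Roots) {
        # Wow6432Node (32-bit IE on 64-bit Windows) is absent on 32-bit systems.
        if ($root -like '*Wow6432Node*' -and -not (Test-Path 'HKLM:\SOFTWARE\Wow6432Node')) {
            continue
        }
        $key = Join-Path $root $id
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # Keep any flags already present and OR in the kill bit.
        $flags = (Get-Flags $key) -bor $KillBit
        Set-ItemProperty -LiteralPath $key -Name $ValueName -Value $flags -Type DWord
        # Read the value back so the report reflects what is in the registry.
        $ok = ((Get-Flags $key) -band $KillBit) -eq $KillBit
        '{0}  kill bit set: {1}' -f $key, $ok
    }
}
```

Internet Explorer must be restarted for the change to take effect, and every CLSID listed in the advisory needs its own entry.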

 

Source pages:

pcworld article
vnunet article
US-CERT vulnerability note
The exploit on Securityfocus


1 Comment(s)

  1. Comment by Ana on July 29, 2008 8:55 am

    Hi, listen, I wanna see one of my friend, friends so I add him but he always rejects me. All I wanna see is pictures of his Facebook …

    See pictures for someone that is not on my list
