eBay Picture Manager Buffer Overflow

The vulnerability could have allowed for arbitrary code execution

By Marius Oiaga on July 7th, 2006 14:51 GMT
A new ActiveX vulnerability has been published yesterday. As is has become a sort of a tradition lately, the hole lies within the way in which ActiveX controls are integrated in the web page. The exploitation of such a vulnerability will cause a buffer overflow on eBay's Picture Manager. The bug located in EPUImageControl object of the Picture Manager will, in the eventuality of an attack permit the execution of remote arbitrary code.

The vulnerability in eBay Picture Manager ActiveX control could allow an attacker to use a specially crafted HTML to trigger to buffer overflow in the EPUImageControl COM object in 'EUPWALcontrol.dll'. Such an attempt will let the target machine completely vulnerable to the execution of arbitrary code with the same privileges as the target user.

eBay Sell Your Item page was the only one that used the affected control, and the company was informed of the vulnerability and has stated that it already handled the situation and patched the vulnerability. As of that time an eBay customer using the ActiveX control will be advised to update the control.

A workaround to the problem is to disable the control by setting the kill bit on the following CSLID:
{4C39376E-FA9D-4349-BACC-D305C1750EF3}.
  
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments