Secunia Research has discovered a vulnerability in Lateral Arts Photobox uploader ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when parsing URLs. This can be exploited to cause a stack-based buffer overflow via an overly long string assigned to a number of properties (e.g. "LogURL", "ConnectURL", "SkinURL", "AlbumCreateURL", "ErrorURL", and "httpsinglehost"). Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website. The vulnerability is confirmed in version 2.2.0.6. Other versions may also be affected.
9d8d86dda126c1b780b660c3791afd6754a9098c7af3833b073cd5be307b80be