Facebook, MySpace are deadly

Facebook and MySpace users are facing the risk of being hacked after the code exploits a deadly security bug that the integrated image download application in these virtual social networks is distributed to the Internet.

Security researcher Elazar Broad was the one who discovered and published this security error through the list of secure email Full Disclosure. The code for exploiting the bug was later spread widely through the milw0rm.com website.

Security firm Secunia said the source of the security error is a boundary error that arises when the ActiveX Control Aurigma.ImageUploader.4.1 belongs to the Aurigma image download application. Action '.

To successfully exploit this error, the hacker simply assigns a long string of characters to the 'Action' attribute. If successful, they will create a buffer overflow that will allow them to remotely execute malicious code on a PC using a software error. Secunia classified this error as 'extremely dangerous'.

Version ImageUploader4.ocx v4.5.70.0 has been confirmed with the above error. However, Secunia warns that older versions may also make mistakes. There have not been any fixes released yet.