Both MySpace and Facebook have come under the security microscope with the publication of a zero-day flaw that affects both sites
. The flaw lies within the image uploader that both sites use, which is obviously a very popular and commonly used function. If exploited, the flaw can result in a buffer overflow that could lead to code execution on someone's computer and ultimately machine compromise. Even less surprising, the flaw is inside an ActiveX control. Assuming you are using a browser that doesn't support ActiveX, you're out of harms way.
Secunia has rated the flaw as highly critical
, and as of the time of this post no patch has been formerly announced. However, a little-known feature of ActiveX known as the kill bit
can be enabled that will prevent the exploit from being able to affect you.