MySpace and Facebook struck by security flaw

By Justin Mann on February 1, 2008, 8:30 PM
Both MySpace and Facebook have come under the security microscope with the publication of a zero-day flaw that affects both sites. The flaw lies within the image uploader that both sites use, which is obviously a very popular and commonly used function. If exploited, the flaw can result in a buffer overflow that could lead to code execution on someone's computer and ultimately machine compromise. Even less surprising, the flaw is inside an ActiveX control. Assuming you are using a browser that doesn't support ActiveX, you're out of harms way.

Secunia has rated the flaw as highly critical, and as of the time of this post no patch has been formerly announced. However, a little-known feature of ActiveX known as the kill bit can be enabled that will prevent the exploit from being able to affect you.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.