Security researcher Elazar Broad has found another vulnerability in Facebook’s Aurigma ImageUploader control.
And these vulnerabilities are stacking up. In an advisory posted to the Full Disclosure mailing list on Sunday, Broad wrote:
Broad noted that the latest flaw is different from the photo uploader issues he flagged last week, which affected both Facebook and MySpace. Those earlier flaws were in the ActiveX photo uploader controls distributed by Aurigma Imaging Technology, and a booby-trapped Web page could trigger them against Windows users who had the control installed.
There are two fixes here. You can disable the specific uploader controls involved in the aforementioned flaws, or you can disable ActiveX components altogether. Here's a Microsoft walkthrough. Given how quickly these vulnerabilities are springing up, you may just want to disable ActiveX.
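What those two fixes look like on a Windows box, as an added example that is not from the article, from Aurigma, or from Microsoft's walkthrough: setting the per-control "kill bit" so Internet Explorer refuses to instantiate one control, and switching off ActiveX for the Internet zone entirely. The article does not give the CLSID of the Aurigma ImageUploader control, so the script takes it as a parameter; the CLSID in the usage line is a placeholder format, not a real identifier, and must be replaced with the value from the vendor advisory.

```powershell
# Added example (not the article's or the vendor's code). Run from an elevated
# PowerShell prompt: the kill bit lives under HKLM and needs admin rights to write.
# ASSUMPTION: the control's CLSID is supplied by the caller; it is not in the article.

function Get-ActiveXControlStatus {
    # Check: is the control registered on this machine, and is its kill bit already set?
    param([Parameter(Mandatory)][string]$Clsid)
    $registered = Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $flags = 0
    $p = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid" `
                          -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($p) { $flags = [int]$p.'Compatibility Flags' }
    [pscustomobject]@{
        Clsid      = $Clsid
        Registered = $registered
        KillBitSet = (($flags -band 0x400) -ne 0)
    }
}

function Set-ActiveXKillBit {
    # Fix 1: disable only the vulnerable control. IE will not load a control whose
    # "Compatibility Flags" value has bit 0x400 set, even though the DLL stays installed.
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )
    $keys = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
    # On 64-bit Windows the 32-bit IE reads the Wow6432Node view, so set both.
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $keys += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    }
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $current = 0
        $p = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($p) { $current = [int]$p.'Compatibility Flags' }
        # Keep any flags already present; only add the kill bit.
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($current -bor 0x400) -Type DWord
    }
}

function Disable-ActiveXInInternetZone {
    # Fix 2: the blunt option the article leans toward. Zone 3 is the Internet zone;
    # action 1200 is "Run ActiveX controls and plug-ins"; 3 = Disable (0 = Enable, 1 = Prompt).
    # This is per-user (HKCU); a domain policy would set the same value under HKLM.
    $zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    Set-ItemProperty -Path $zone -Name '1200' -Value 3 -Type DWord
}

# Usage with a PLACEHOLDER CLSID (hypothetical; replace with the one from the advisory):
$clsid = '{00000000-0000-0000-0000-000000000000}'
Get-ActiveXControlStatus -Clsid $clsid        # before
Set-ActiveXKillBit -Clsid $clsid
Get-ActiveXControlStatus -Clsid $clsid        # KillBitSet should now be True
# Disable-ActiveXInInternetZone               # uncomment to take the broader route
```

The kill bit is the narrower change: it stops IE from instantiating that one control from any zone, which is what actually closes the door a rigged Web page walks through, while leaving other ActiveX controls alone. Note that it only affects IE; a control can still be loaded by other COM hosts. Disabling ActiveX for the Internet zone is the broader setting the article recommends and also breaks any legitimate site that depends on ActiveX, so decide which trade-off fits before running it.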