eBay Enhanced Picture Uploader ActiveX control vulnerable to arbitrary command execution

Description:  The eBay Enhanced Picture Uploader ActiveX control is used by the eBay web site to give Internet Explorer users additional functionality when uploading pictures to an auction. The control is provided by the file EPUWALcontrol.dll. If an attacker supplies a specially crafted PictureUrls property or initialization parameter, the ActiveX control will execute the commands that are specified.

Impact:  By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary commands with the privileges of the user.

Solution:  Apply an update
This vulnerability is addressed in version 1.0.27 of the eBay Enhanced Picture Control software. The update can be obtained by visiting the eBay web site, creating a new auction and uploading images with the Internet Explorer web browser. The control is also disabled in Internet Explorer by the update for Microsoft Security Advisory (969898). Please see the eBay security center announcement for additional details.
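The two mitigations above (a control version of at least 1.0.27, or the control being disabled by Microsoft's kill-bit update) can both be verified locally. The following PowerShell script is an added example, not code from CERT, eBay or Microsoft. It resolves the installed DLL through the control's COM registration and reads its file version, and it reads the Internet Explorer "ActiveX Compatibility" key, where a kill bit is the 0x400 flag in "Compatibility Flags". The page does not give the control's CLSID, so it is a mandatory parameter here (the placeholder value in the comment is not the real identifier); the 1.0.27 threshold is the fixed version stated above.

```powershell
# Added example: verify the two mitigations for the EPUWALcontrol.dll vulnerability
# on a Windows host. The CLSID is NOT on the page and must be supplied by the operator
# (for instance from the Microsoft advisory); '{00000000-...}' below is a placeholder.

function Get-ActiveXDllPath {
    # Resolve the DLL a CLSID is registered to via HKCR\CLSID\{clsid}\InprocServer32.
    param([Parameter(Mandatory)][string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path $key)) { return $null }
    $path = (Get-ItemProperty -Path $key).'(default)'
    # Registry values may contain environment variables such as %SystemRoot%.
    if ($path) { return [Environment]::ExpandEnvironmentVariables($path.Trim('"')) }
    return $null
}

function Test-ControlVersionFixed {
    # True when the DLL at $Path reports a file version >= $FixedVersion (1.0.27 per the advisory).
    param(
        [Parameter(Mandatory)][string]$Path,
        [version]$FixedVersion = '1.0.27'
    )
    if (-not (Test-Path $Path)) { return $false }
    $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    # Build the version from the numeric parts; the FileVersion string is not always parseable.
    $installed = New-Object System.Version $info.FileMajorPart, $info.FileMinorPart,
                                          $info.FileBuildPart, $info.FilePrivatePart
    return $installed -ge $FixedVersion
}

function Test-ActiveXKillBit {
    # True when Internet Explorer's kill bit (0x400 in "Compatibility Flags") is set for the CLSID.
    # Both the native and the Wow6432Node view are checked on 64-bit Windows.
    param([Parameter(Mandatory)][string]$Clsid)
    $keys = @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    )
    foreach ($key in $keys) {
        if (Test-Path $key) {
            $flags = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
            if (($null -ne $flags) -and (($flags -band 0x400) -ne 0)) { return $true }
        }
    }
    return $false
}

function Test-EpuControlMitigated {
    # Report the overall state: the host is considered mitigated if the control is not
    # registered at all, if the installed version is at least 1.0.27, or if the kill bit is set.
    param([Parameter(Mandatory)][string]$Clsid)
    $dll      = Get-ActiveXDllPath -Clsid $Clsid
    $killBit  = Test-ActiveXKillBit -Clsid $Clsid
    $fixedVer = if ($dll) { Test-ControlVersionFixed -Path $dll } else { $false }
    [pscustomobject]@{
        Clsid        = $Clsid
        DllPath      = $dll
        VersionFixed = $fixedVer
        KillBitSet   = $killBit
        Mitigated    = (-not $dll) -or $fixedVer -or $killBit
    }
}

# Usage (placeholder CLSID; replace with the control's real CLSID):
# Test-EpuControlMitigated -Clsid '{00000000-0000-0000-0000-000000000000}' | Format-List
```

A host where `Mitigated` is false still has the pre-1.0.27 control registered and loadable by Internet Explorer; the fix is to obtain the updated control through eBay as described above, or to install the Microsoft security update that sets the kill bit.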

http://www.kb.cert.org/vuls/id/983731

eBay Enhanced Picture Services ActiveX Control Update

Why is there an update?
A vulnerability was found in the eBay Enhanced Picture Services ActiveX control used before January 2009. By convincing a user to view a malicious web page, an attacker may have been able to execute arbitrary code on the user's system via this vulnerability.

Getting the update
Sellers will be automatically prompted to receive the new ActiveX control if they go through any eBay flows that use the eBay Enhanced Picture Services ActiveX control. Microsoft will also bundle a patch into their monthly security update, beginning in June, that will prevent the old vulnerable ActiveX control from being used or abused.

Who might have been affected?
Users who installed the eBay Enhanced Picture Services ActiveX control prior to January 2009 would have received the vulnerable version. The ActiveX control exists in the following flows and products:
eBay.com: Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader
CARad.com: Add Vehicle

http://pages.ebay.com/securitycenter/activex/index.html

See also: http://www.microsoft.com/technet/security/advisory/969898.mspx

Published Wed, Jun 10 2009 17:09 by donna