EBay Fixes Serious Security Hole in Picture Tool
EBay sellers who use the auction giant's Enhanced Picture Services tool to upload photos to auction pages may be prompted to update the software plug-in the next time they use it. Security experts have discovered a flaw in the tool that online criminals could use to hijack Microsoft Windows machines if the user browses a specially crafted site with Internet Explorer.
The vulnerability was reported to eBay by researcher Will Dormann at the United States Computer Emergency Readiness Team (US-CERT), a partnership between the Department of Homeland Security and the public and private sectors.
US-CERT says the flaw resides in a faulty ActiveX control and is present in the Enhanced Picture Services control versions 220.127.116.11 and earlier. EBayers will automatically get an upgrade prompt when using any services that employ the broken control, so if you are an active seller, don't ignore it. Vulnerability watchers Secunia and FrSIRT have both rated this flaw "critical" or "highly critical."