Network News

X My Profile
View More Activity

EBay Fixes Serious Security Hole in Picture Tool

EBay sellers who use the auction giant's Enhanced Picture Services tool to upload photos to auction pages may be prompted to update the software plug-in the next time they use it, as security experts have discovered a flaw that could be used by online criminals to hijack Microsoft Windows machines if the user browses a specially crafted site with Internet Explorer.

The vulnerability was reported to eBay by researcher Will Dormann at the United States Computer Emergency Readiness Team (US-CERT), a partnership between the Department of Homeland Security and the public and private sectors.

US-CERT says the flaw resides in a faulty ActiveX control and is present in the Enhanced Picture Services control versions 1.0.3.36 and earlier. EBayers will automatically get an upgrade prompt when using any services that employ the broken control, so if you are an active seller, don't ignore it. Vulnerability watchers Secunia and Fr-SIRT have both rated this flaw "critical" or "highly critical."

By Brian Krebs  |  July 14, 2006; 12:37 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Unpatched Powerpoint Flaw Exploited
Next: MySpace Attacked by Flash Worm

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company