US-CERT is aware of publicly available exploit code for an unpatched vulnerability affecting an image uploader used by Facebook and MySpace. This vulnerability is caused by a buffer overflow in Aurigma's ImageUploader ActiveX control. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on an affected system.

US-CERT encourages users to Disable ActiveX controls as described in the Securing Your Web Browser document.

US-CERT will continue to investigate and provide additional information as it becomes available.