Hey Andrew,
Just quick correction, both ImageUploader 4.5.50 and 4.5.70 are vulnerable along with the MySpaceUploader control. Additionally, the issue is stack-based not heap-based as I originally thought. The vulnerability with the FaceBook control is heap-based, it is possible to overwrite one of the addresses passed RtlFreeHeap()
Elazar
Just quick correction, both ImageUploader 4.5.50 and 4.5.70 are vulnerable along with the MySpaceUploader control. Additionally, the issue is stack-based not heap-based as I originally thought. The vulnerability with the FaceBook control is heap-based, it is possible to overwrite one of the addresses passed RtlFreeHeap()
Elazar
