Let's see how potential malicious persons can utilize this security flaw. A hacker writes the JavaScript which uses this buffer overflow bug to run malicious code, e.g. virus, trojan or whatever. It is not as difficult as may seem. Read article in Wikipedia about buffer overrun for better understanding how it works (it requires some Assembler knowledge though). Then the hacker use phishing to have some person to open the page containing the malicious JavaScript. Alternatively they can use cross-site scripting technique to inject this JavaScript to other sites.
So you see, this is quite serious. Each user who has vulnerable version of Image Uploader potentially may run some malware from the web without any knowledge of it.
P.S. If you do not know about phishing or cross-site scripting, I recommend to take a look in these Wikipedia articles:
http://en.wikipedia.org/wiki/Phishing
http://en.wikipedia.org/wiki/Cross-site_scripting
So you see, this is quite serious. Each user who has vulnerable version of Image Uploader potentially may run some malware from the web without any knowledge of it.
P.S. If you do not know about phishing or cross-site scripting, I recommend to take a look in these Wikipedia articles:
http://en.wikipedia.org/wiki/Phishing
http://en.wikipedia.org/wiki/Cross-site_scripting
