SAINT Corporation, SAINT:8ED591559AACE14E39BB10C9C0547F66
Feb 11, 2008 - 12:00 a.m.

Yahoo Music Jukebox MediaGrid ActiveX buffer overflow

Published: 2008-02-11 00:00:00
Source: SAINT Corporation (download.saintcorporation.com)

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.059 Low (Percentile: 93.5%)

Added: 02/11/2008
CVE: CVE-2008-0625
BID: 27578
OSVDB: 41051

Background

Yahoo! Music Jukebox is a music player capable of playing, ripping, and burning MP3s and CDs, creating and sharing playlists, streaming radio stations, and purchasing music.

Problem

A buffer overflow vulnerability in the MediaGrid ActiveX Control in Yahoo! Music Jukebox allows command execution when a user loads a web page which calls the **AddBitmap** method with a long, specially crafted argument.

Resolution

Upgrade to Yahoo! Music Jukebox 2.2.2.058 or higher, or use the automatic update function in Yahoo! Music Jukebox.

References

<http://www.kb.cert.org/vuls/id/340860>

Limitations

Exploit works on Yahoo! Music Jukebox 2.2.2.056 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
