SAINT CorporationSAINT:90EA756E543A638405E6078359DB4E74Yahoo Music Jukebox MediaGrid ActiveX buffer overflow
0.059 Low
EPSS
Percentile
93.5%
Added: 02/11/2008
CVE: CVE-2008-0625
BID: 27578
OSVDB: 41051
Background
Yahoo! Music Jukebox is a music player capable of playing, ripping, and burning MP3s and CDs, creating and sharing playlists, streaming radio stations, and purchasing music.
Problem
A buffer overflow vulnerability in the MediaGrid ActiveX Control in Yahoo! Music Jukebox allows command execution when a user loads a web page which calls the **AddBitmap** method with a long, specially crafted argument.
Resolution
Upgrade to Yahoo! Music Jukebox 2.2.2.058 or higher, or use the automatic update function in Yahoo! Music Jukebox.
References
<http://www.kb.cert.org/vuls/id/340860>
Limitations
Exploit works on Yahoo! Music Jukebox 2.2.2.056 and requires a user to load the exploit page in Internet Explorer.
Platforms
Windows
Related
