4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.059 Low
EPSS
Percentile
93.5%
Added: 02/11/2008
CVE: CVE-2008-0625
BID: 27578
OSVDB: 41051
Yahoo! Music Jukebox is a music player capable of playing, ripping, and burning MP3s and CDs, creating and sharing playlists, streaming radio stations, and purchasing music.
A buffer overflow vulnerability in the MediaGrid ActiveX Control in Yahoo! Music Jukebox allows command execution when a user loads a web page which calls the **AddBitmap**
method with a long, specially crafted argument.
Upgrade to Yahoo! Music Jukebox 2.2.2.058 or higher, or use the automatic update function in Yahoo! Music Jukebox.
<http://www.kb.cert.org/vuls/id/340860>
Exploit works on Yahoo! Music Jukebox 2.2.2.056 and requires a user to load the exploit page in Internet Explorer.
Windows