Yahoo Music Jukebox MediaGrid ActiveX buffer overflow

Added: 02/11/2008
CVE: CVE-2008-0625
BID: 27578
OSVDB: 41051

Background

Yahoo! Music Jukebox is a music player capable of playing, ripping, and burning MP3s and CDs, creating and sharing playlists, streaming radio stations, and purchasing music.

Problem

A buffer overflow vulnerability in the MediaGrid ActiveX Control in Yahoo! Music Jukebox allows command execution when a user loads a web page which calls the AddBitmap method with a long, specially crafted argument.

Resolution

Upgrade to Yahoo! Music Jukebox 2.2.2.058 or higher, or use the automatic update function in Yahoo! Music Jukebox.

References

http://www.kb.cert.org/vuls/id/340860

Limitations

Exploit works on Yahoo! Music Jukebox 2.2.2.056 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows

Back to exploit index