brainslicer
Posted 4 February 2008

Yahoo! Music Jukebox ActiveX Control Buffer Overflows

Secunia Advisory: SA28757
Release Date: 2008-02-04
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Yahoo! Music Jukebox 2.x

Exploit code is available.

Description:
Some vulnerabilities have been discovered in Yahoo! Music Jukebox, which can be exploited by malicious people to compromise a user's system.

1) A boundary error in the YMP DataGrid ActiveX control (datagrid.dll) when handling arguments passed to the "AddImage()" and "AddButton()" methods can be exploited to cause a stack-based buffer overflow via an overly long argument.

2) A boundary error in the Yahoo! Mediagrid ActiveX control (mediagridax.dll) when handling arguments passed to the "AddBitmap()" method can be exploited to cause a stack-based buffer overflow via an overly long argument.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

NOTE: Working exploit code is publicly available.

The vulnerabilities are confirmed in Yahoo! Music Jukebox version 2.2.2.056. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX controls.

Provided and/or discovered by:
1) Krystian Kloskowski (h07)
* Additional information provided by Elazar Broad.
2) Elazar Broad

Original Advisory:
http://milw0rm.com/exploits/5043
http://milw0rm.com/exploits/5051
http://milw0rm.com/exploits/5052
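One way to apply the "set the kill-bit" solution from the advisory, as an added example that is not part of the original post or of the Secunia advisory. The advisory names only the DLLs and not their CLSIDs, so this sketch assumes the controls are registered under HKLM and looks the CLSIDs up from their InprocServer32 entries; the function names are illustrative, and it is meant to be run from an elevated 64-bit PowerShell prompt.

```powershell
# Added example: find the CLSIDs served by the DLLs named in the advisory
# and set the Internet Explorer kill-bit for each of them.
$TargetDlls = 'datagrid.dll', 'mediagridax.dll'   # DLL names from the advisory
$KillBit    = 0x400   # "Compatibility Flags" bit that stops IE instantiating a control

# COM class registrations, native view and 32-bit view on 64-bit Windows.
$ClassRoots  = 'HKLM:\SOFTWARE\Classes\CLSID',
               'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
# Where IE reads kill-bits, again for both views.
$CompatRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

function Find-ControlClsid {
    # Emit every CLSID whose InprocServer32 default value points at a target DLL.
    foreach ($root in $ClassRoots | Where-Object { Test-Path $_ }) {
        foreach ($cls in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            try { $srv = $cls.OpenSubKey('InprocServer32') } catch { continue }
            if (-not $srv) { continue }
            $path = [string]$srv.GetValue('')
            $srv.Close()
            if ($path -and ($TargetDlls -contains (Split-Path $path.Trim('"') -Leaf))) {
                $cls.PSChildName
            }
        }
    }
}

function Set-KillBit([string]$Clsid) {
    foreach ($root in $CompatRoots) {
        # The Wow6432Node view does not exist on 32-bit Windows.
        if (-not (Test-Path (Split-Path $root -Parent))) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Preserve any flags already present and OR in the kill-bit.
        $old = (Get-ItemProperty -Path $key).'Compatibility Flags'
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Type DWord `
            -Value (([int]$old) -bor $KillBit)
    }
}

Find-ControlClsid | Sort-Object -Unique | ForEach-Object {
    Set-KillBit $_
    "kill-bit set for $_"
}
```

If the script prints nothing, no matching registration was found under HKLM and the controls are either not installed or registered per-user.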