Yahoo! Music Jukebox ActiveX Buffer Overflows
Author: Dave Lewis
Well, it’s not too often that I see a 5/5 rated security vulnerability on Secunia. So, I figured I would pass this one along.
From Secunia
Description:
Some vulnerabilities have been discovered in Yahoo! Music Jukebox, which can be exploited by malicious people to compromise a user’s system.1) A boundary error in the YMP DataGrid ActiveX control (datagrid.dll) when handling arguments passed to the “AddImage()” and “AddButton()” methods can be exploited to cause a stack-based buffer overflow via an overly long argument.
2) A boundary error in the Yahoo! Mediagrid ActiveX control (mediagridax.dll) when handling arguments passed to the “AddBitmap()” method can be exploited to cause a stack-based buffer overflow via an overly long argument.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
NOTE: Working exploit code is publicly available.
The vulnerabilities are confirmed in Yahoo! Music Jukebox version 2.2.2.056. Other versions may also be affected.
The exploits are in the wild:
http://milw0rm.com/exploits/5043
http://milw0rm.com/exploits/5051
http://milw0rm.com/exploits/5052
Tags: Exploit, Vulnerability, Security Exploit, Yahoo Exploit
