
Yahoo! Music Jukebox ActiveX Buffer Overflows

Well, it’s not too often that I see a 5/5 rated security vulnerability on Secunia. So, I figured I would pass this one along.

From Secunia

Description:
Some vulnerabilities have been discovered in Yahoo! Music Jukebox, which can be exploited by malicious people to compromise a user’s system.

1) A boundary error in the YMP DataGrid ActiveX control (datagrid.dll) when handling arguments passed to the “AddImage()” and “AddButton()” methods can be exploited to cause a stack-based buffer overflow via an overly long argument.

2) A boundary error in the Yahoo! Mediagrid ActiveX control (mediagridax.dll) when handling arguments passed to the “AddBitmap()” method can be exploited to cause a stack-based buffer overflow via an overly long argument.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

NOTE: Working exploit code is publicly available.

The vulnerabilities are confirmed in Yahoo! Music Jukebox version 2.2.2.056. Other versions may also be affected.

Article Link

The exploits are in the wild:

http://milw0rm.com/exploits/5043
http://milw0rm.com/exploits/5051
http://milw0rm.com/exploits/5052
