Yahoo! Music Jukebox ActiveX Control Buffer Overflows

ERCOLINO

ERCOLINO

Membro dello Staff
Amministratore
Registrato
3 Marzo 2003
Messaggi
252.869
Località
Torino
Secunia Advisory: SA28757
Release Date: 2008-02-04

Critical: Extremely critical
img_5.gif

Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Yahoo! Music Jukebox 2.x




Description:
Some vulnerabilities have been discovered in Yahoo! Music Jukebox, which can be exploited by malicious people to compromise a user's system.

1) A boundary error in the YMP DataGrid ActiveX control (datagrid.dll) when handling arguments passed to the "AddImage()" and "AddButton()" methods can be exploited to cause a stack-based buffer overflow via an overly long argument.

2) A boundary error in the Yahoo! Mediagrid ActiveX control (mediagridax.dll) when handling arguments passed to the "AddBitmap()" method can be exploited to cause a stack-based buffer overflow via an overly long argument.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

NOTE: Working exploit code is publicly available.

The vulnerabilities are confirmed in Yahoo! Music Jukebox version 2.2.2.056. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX controls.


Bollettino di Sicurezza
 
Falle ActiveX: Facebook, MySpace e Yahoo

Sulla scia delle vulnerabilità ActiveX isolate recentemente negli strumenti di "caricamento immagini" in Facebook e MySpace, i ricercatori di sicurezza hanno avvisato ieri di aver scoperto simili problemi di sicurezza (e codici exploit in-the-wild) anche in Yahoo Messenger e Yahoo Music Jukebox.



Dettagli
 
Devi accedere o registrarti per poter rispondere.
Indietro
Alto Basso