Gracenote CDDBControl ActiveX Control Option String Overflow

This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is susceptible to
a buffer overflow vulnerability.

Description :

The Windows remote host contains the Gracenote CDDBControl ActiveX
control, which is used by various products, including AOL's software,
to lookup CD information in the Gracenote CDDB and is commonly marked
as safe for scripting.

The version of this ActiveX control on the remote host reportedly
contains a buffer overflow vulnerability that arises when a large
string is supplied as an option for the control. A remote attacker may
be able to leverage this issue to execute arbitrary code on the remote
host subject to the privileges of the current user.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-06-019.html
http://seclists.org/fulldisclosure/2006/Jun/883
http://www.nessus.org/u?67486937
http://secunia.com/secunia_research/2006-69/advisory/

Solution :

Contact the developer of the software you are using for a patch or new
version; otherwise, use Gracenote's tool to set its kill bit to
disable the control in Internet Explorer.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 21772 (cddbcontrol_activex_overflow.nasl)

Bugtraq ID: 18678

CVE ID: CVE-2006-3134
CVE-2006-6442

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now