Yahoo! Music Jukebox ActiveX Controls Buffer Overflows

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has at least one ActiveX control that is
affected by buffer overflow vulnerabilities.

Description :

The remote host contains the 'DataGrid' and/or 'MediaGrid' ActiveX
controls included with Yahoo! Music Jukebox.

These controls are reportedly affected by multiple buffer overflows
involving, for example, the 'AddButton' and 'AddImage' methods of the
'DataGrid' control and 'AddBitmap' method of the 'MediaGrid' control.
If an attacker can trick a user on the affected host into visiting a
specially crafted web page, these issues could be leveraged to execute
arbitrary code on the host subject to the user's privileges.

See also :

http://seclists.org/fulldisclosure/2008/Feb/24

Solution :

Upgrade to version 2.2.2.058 of the control as described in the vendor
advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 30205

Bugtraq ID: 27578
27579
27590

CVE ID: CVE-2008-0623
CVE-2008-0624
CVE-2008-0625
