Yahoo! Music Jukebox ActiveX Controls Buffer Overflows
High Nessus Plugin ID 30205
Synopsis
The remote Windows host has at least one ActiveX control that is affected by buffer overflow vulnerabilities.
Description
The remote host contains the 'DataGrid' and/or 'MediaGrid' ActiveX controls included with Yahoo! Music Jukebox.
These controls are reportedly affected by multiple buffer overflows involving, for example, the 'AddButton' and 'AddImage' methods of the 'DataGrid' control and the 'AddBitmap' method of the 'MediaGrid' control.
If an attacker can trick a user on the affected host into visiting a specially crafted web page, these issues could be leveraged to execute arbitrary code on the host subject to the user's privileges.
Solution
Upgrade to version 2.2.2.058 of the control as described in the vendor advisory.