The Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes multiple ActiveX controls. The Yahoo! MediaGrid ActiveX control, which is provided by mediagridax.dll, contains a stack buffer overflow in the AddBitmap() method.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user on a vulnerable system.
Apply an update
This vulnerability is addressed in Yahoo! Media Jukebox version 2.2.2.058, which comes with mediagridax.dll version 184.108.40.206. This update may be applied with the automatic update functionality of the Yahoo! Media Jukebox software, or you can install it manually. Please see the Yahoo! Music Jukebox Security Update for more details.
This vulnerability was publicly disclosed by Elazar Broad.
This document was written by Will Dormann.
|Date First Published:||2008-02-05|
|Date Last Updated:||2008-02-13 15:41 UTC|