NASLDB: Yahoo! Music Jukebox ActiveX Controls Buffer Overflows
General
ID: 30205
Name: Yahoo! Music Jukebox ActiveX Controls Buffer Overflows
Summary: Checks version of affected ActiveX controls
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: 139
Family: Windows
Type: Local
Description
The remote host contains the ‘DataGrid’ and/or ‘MediaGrid’ ActiveX
controls included with Yahoo! Music Jukebox.
These controls are reportedly affected by multiple buffer overflows
involving, for example, the ‘AddButton’ and ‘AddImage’ methods of the
‘DataGrid’ control and ‘AddBitmap’ method of the ‘MediaGrid’ control.
If an attacker can trick a user on the affected host into visiting a
specially crafted web page, he may be able to leverage these issues to
execute arbitrary code on the host subject to the user’s privileges.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2008-0623
OSVDB: 41050
Bugtraq: 27578
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2008/02/07
Plugin
Version: 1.12
Filename: yahoo_jukebox_activex_overflows.nasl
Filesize: 3753 bytes
MD5 Hash: a1d49b17076c920c177216747a8c5cbb
Identification: SMB/Registry/Enumerated
Require Keys: SMB/Registry/Enumerated
Dependencies: "smb_hotfixes.nasl"
Copyright: This script is Copyright © 2008-2011 Tenable Network Security, Inc.