Added: 02/11/2008
CVE: CVE-2008-0625
BID: 27578
OSVDB: 41051
Yahoo! Music Jukebox is a music player capable of playing, ripping, and burning MP3s and CDs, creating and sharing playlists, streaming radio stations, and purchasing music.
A buffer overflow vulnerability in the MediaGrid ActiveX Control in Yahoo! Music Jukebox allows command execution when a user loads a web page which calls the **AddBitmap**
method with a long, specially crafted argument.
Upgrade to Yahoo! Music Jukebox 2.2.2.058 or higher, or use the automatic update function in Yahoo! Music Jukebox.
<http://www.kb.cert.org/vuls/id/340860>
Exploit works on Yahoo! Music Jukebox 2.2.2.056 and requires a user to load the exploit page in Internet Explorer.
Windows