Home arrow US-CERT Computer Emergency Readiness Team arrow Yahoo! Music Jukebox ActiveX Buffer Overflow Vulnerabilities

Yahoo! Music Jukebox ActiveX Buffer Overflow Vulnerabilities

US-CERT is aware of publicly available exploit code for vulnerabilities affecting Yahoo! Music Jukebox. These vulnerabilities are caused by buffer overflows in the Yahoo! MediaGrid ActiveX control and the YMP Datagrid ActiveX control. Successful exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable system.

More information regarding these vulnerabilities can be found in Vulnerability Notes VU#101676VU#101676 and VU#340860VU#340860.

US-CERT encourages users to Disable ActiveX controls as described in the Securing Your Web BrowserSecuring Your Web Browser document.