Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote Buffer Overflow

  Severity: MEDIUM
  CVE Identifier: CVE-2008-0623,CVE-2008-0624,CVE-2008-0625
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Multiple buffer overflow vulnerabilities exist in Yahoo! Music Jukebox. These vulnerabilities are caused due to boundary errors within the Yahoo! Music Jukebox ActiveX Control. A remote attack can exploit these vulnerabilities by enticing the target user to open a crafted webpage, potentially causing arbitrary code to be injected and executed in the security context of the current user.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1001424
  Trend Micro Deep Security DPI Rule Name: 1001424 - Microsoft Internet Explorer Yahoo! Music Jukebox AddBitmap & AddButton ActiveX Remote Buffer Overflow

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Internet Explorer

Featured Stories