Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19022
HistoryFeb 06, 2008 - 12:00 a.m.

[Full-disclosure] Yahoo! JukeBox MediaGrid ActiveX Control AddBitmap() Buffer Overflow

2008-02-0600:00:00
vulners.com
11
JSON

Who:
Yahoo!
http://www.yahoo.com

What:
mediagrid.dll version 2.2.2.56
{22FD7C0A-850C-4A53-9821-0B0915C96139}
Implements IObjectSafety

This control is used with the Yahoo! JukeBox application.

How:
The 2nd parameter of the AddBitmap() method is vulnerable to a
buffer overflow.

Fix:
No official fix known

Workaround:
Set the killbit for this control, see
http://support.microsoft.com/kb/240797

Exploit:
http://milw0rm.com/exploits/5052


Click for quotes on adjustable mortgages.
http://tagline.hushmail.com/fc/Ioyw6h4dOB3cb6dJ2dcFs51ffjQiUKtIWvCZi2vPoyRVHjiVujrapq/
Elazar

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON