1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Yahoo! Jukebox MediaGrid ActiveX BO

HTTP Yahoo! Jukebox MediaGrid ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to overflow a buffer in the Yahoo! JukeBox MediaGrid ActiveX control by providing malformed data.

Additional Information

Yahoo! Music Jukebox 'mediagrid.dll' ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

This issue affects 'mediagrid.dll' 2.2.2.56; other versions may also be vulnerable

Affected

  • Yahoo! mediagrid.dll 2.2.2 56
  • Yahoo! Instant Messenger 3.5
  • Yahoo! Instant Messenger build 734
  • Yahoo! Instant Messenger build 733
  • Yahoo! Messenger 5.5
  • Yahoo! Messenger 5.0.1232
  • Yahoo! Messenger 5.0.1065
  • Yahoo! Messenger 5.0.1046
  • Yahoo! Messenger 5.0
  • Yahoo! Messenger 4.0

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube