February 5, 2008 7:53 AM PST

Security flaws found in Yahoo Music Jukebox

by Dawn Kawamoto

Folks who are tapping into their tunes via the Yahoo Music Jukebox music player may find themselves at risk of allowing a malicious attacker into their computer, according to a security advisory issued Monday by Secunia.

The "extremely critical" security vulnerabilities are found in Yahoo Music Jukebox version 2.2.2.056 and possibly other versions, according to Secunia. The heightened warning comes as exploit code has been made public, which could give malicious attackers a road map to follow should they want to compromise a user's computer.

According to Secunia, users who have the Yahoo Music Jukebox loaded on their system and visit a malicious Web site could find themselves at risk. The security flaws are found in the way certain ActiveX controls in the Yahoo music player process information, which could cause a buffer overflow. An attacker could then exploit the vulnerabilities to execute arbitrary code on a user's computer.

Secunia advises Yahoo Music Jukebox users to set the "kill-bit" for the affected ActiveX controls, as a means to minimize any potential threat to their system.
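
For administrators applying that advice, the following PowerShell is an added example, not code from Secunia, Yahoo or CNET: it sets the kill bit (the 0x400 bit of the `Compatibility Flags` registry value documented by Microsoft) for a list of CLSIDs and then audits the result. The CLSID shown is a placeholder because the article does not list the affected controls, and the function names are hypothetical.

```powershell
# Added example. Kill bit = 0x400 in the "Compatibility Flags" DWORD under
# ...\Internet Explorer\ActiveX Compatibility\{CLSID}. Run from an elevated prompt.
$KillBit = 0x400
$Name    = 'Compatibility Flags'
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # View read by 32-bit Internet Explorer on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath $_ }

# PLACEHOLDER, not a real control: substitute the CLSIDs from the advisory.
$AffectedClsids = @('{00000000-0000-0000-0000-000000000000}')

function Get-CompatFlags([string]$Key) {
    # Returns the current flags, or 0 when the key or value is absent.
    if (-not (Test-Path -LiteralPath $Key)) { return 0 }
    $p = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return $p.$Name
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$Clsid)
    foreach ($id in $Clsid) {
        if ($id -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
            Write-Warning "Skipping malformed CLSID: $id"; continue
        }
        foreach ($root in $Roots) {
            $key = Join-Path $root $id
            # OR the bit in so any other compatibility flags already set survive.
            $new = (Get-CompatFlags $key) -bor $KillBit
            if ($PSCmdlet.ShouldProcess($key, "set $Name to 0x$('{0:X}' -f $new)")) {
                if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
                New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord -Value $new -Force | Out-Null
            }
        }
    }
}

function Test-KillBit([string[]]$Clsid) {
    # Audit: one row per CLSID and registry view.
    foreach ($id in $Clsid) { foreach ($root in $Roots) {
        $flags = Get-CompatFlags (Join-Path $root $id)
        [pscustomobject]@{ Clsid = $id; Root = $root; Flags = '0x{0:X8}' -f $flags
                           KillBitSet = [bool]($flags -band $KillBit) }
    } }
}

Set-KillBit -Clsid $AffectedClsids -WhatIf   # drop -WhatIf to apply
Test-KillBit $AffectedClsids | Format-Table -AutoSize
```

The kill bit only stops Internet Explorer from instantiating the control; the vulnerable component stays on disk until it is updated or removed.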

Yahoo was not immediately available for comment. But stay tuned.

Dawn Kawamoto covers enterprise security and financial news relating to technology for CNET News. E-mail Dawn.
(3 Comments)
Microsoft will fix it
by Lee in San Diego February 5, 2008 8:45 AM PST
n/t
(Rolling Eyes)
by thedreaming February 5, 2008 9:09 AM PST
Let me get this straight: A security company I've never heard of tells me that a music player no one really uses has a vulnerability thanks in part to Microsoft and their ActiveX technology?

So, basically, they created the threat, release it into the wild, report on it and get their name in the blogs so people will ask, "Who are these morons?"
You've never heard of Secunia?
by pctec100 February 6, 2008 2:52 PM PST
Secunia has been one of the best sources on the web for years for information on security vulnerabilities. They are a responsible company and are not the same people who released the exploit code.

I recommend anyone who is responsible for maintaining computer systems to get on their mailing list.