Full Disclosure mailing list archives
Yahoo! JukeBox MediaGrid ActiveX Control AddBitmap() Buffer Overflow
From: "Elazar Broad" <elazar () hushmail com>
Date: Sun, 03 Feb 2008 23:11:24 +0000
Who: Yahoo! http://www.yahoo.com What: mediagrid.dll version 2.2.2.56 {22FD7C0A-850C-4A53-9821-0B0915C96139} Implements IObjectSafety This control is used with the Yahoo! JukeBox application. How: The 2nd parameter of the AddBitmap() method is vulnerable to a buffer overflow. Fix: No official fix known Workaround: Set the killbit for this control, see http://support.microsoft.com/kb/240797 Exploit: http://milw0rm.com/exploits/5052 -- Click for quotes on adjustable mortgages. http://tagline.hushmail.com/fc/Ioyw6h4dOB3cb6dJ2dcFs51ffjQiUKtIWvCZi2vPoyRVHjiVujrapq/ Elazar _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Yahoo! JukeBox MediaGrid ActiveX Control AddBitmap() Buffer Overflow Elazar Broad (Feb 03)