Full Disclosure mailing list archives
GraceNote CDDB ActiveX Control Vulnerability: Gracenote's Lack of Information is abominable
From: "MNV" <mnv () alumni princeton edu>
Date: Tue, 11 Jul 2006 10:26:44 -0700
I've been research the impact of this vulnerability for one of our clients. The amount of info out there is terrible: affected applications are basically, some obscure stuff by Sony and Nokia. There is a failure to mention that the ActiveX control is also bundled with other "obscure" apps like: WinAmp. iTunes. Roxio's CD Burning software. Any of that on YOUR network? I have *no idea* if these applications have the vulnerable version of the ActiveX control. I would LOVE to know this. So I called GraceNote. Got directed to the website: useless. Called again. Was promised a callback from someone, which I *did receive* in under 24 hours. YAY! Except: again, useless. Background: there are over 7,000 machines we are responsible for. So a little thing, can have a big ripple effect. GraceNote (510) 428-7200 rep: I can't tell you if those apps are vulnerable. If you're worried, just update. Me: The only apps listed are Sony/Nokia "and others" -- you have no idea who the others are? Rep: The software will tell you if it needs to be updated. (Ya, she really said that. Because we all KNOW that all software just *knows* it needs to be patched) Me: Not necessarily a possibility through our firewall. I've identifed the apps as using Gracenote's CDDB ActiveX Control file: can you tell me if they're affected? Rep: If you're worried, just do an update. Ridiculous. I'll now try and get in touch with the bulletin author to see if he can test/provide more info. Anyone else, if you can get more outta gracenote: (510) 428-7200, be my guest. Please. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- 70 million computers are using Windows 98 right now n3td3v (Jul 11)
- Re: 70 million computers are using Windows 98 right now Cardoso (Jul 11)
- Re: 70 million computers are using Windows 98 right now Valdis . Kletnieks (Jul 11)
- RE: 70 million computers are using Windows 98 rightnow Larry Seltzer (Jul 11)
- Re: 70 million computers are using Windows 98 right now Cardoso (Jul 11)
- GraceNote CDDB ActiveX Control Vulnerability: Gracenote's Lack of Information is abominable MNV (Jul 11)
- Re: 70 million computers are using Windows 98 right now n3td3v (Jul 11)
- RE: 70 million computers are using Windows 98 rightnow Larry Seltzer (Jul 11)
- Re: 70 million computers are using Windows 98 rightnow Cardoso (Jul 11)
- Re: 70 million computers are using Windows 98 right now Valdis . Kletnieks (Jul 11)
- Re: 70 million computers are using Windows 98 right now n3td3v (Jul 11)
- Re: 70 million computers are using Windows 98 right now Tonnerre Lombard (Jul 13)
- Re: 70 million computers are using Windows 98 right now Cardoso (Jul 11)
- Re: 70 million computers are using Windows 98 rightnow Morning Wood (Jul 11)
- Re: 70 million computers are using Windows 98 right now wac (Jul 22)
- Re: 70 million computers are using Windows 98 right now Eliah Kagan (Jul 23)
- Message not available
- Message not available
- Re: 70 million computers are using Windows 98 right now wac (Jul 26)