---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: Gracenote CDDBControl ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA20861 VERIFY ADVISORY: http://secunia.com/advisories/20861/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Gracenote CDDBControl ActiveX Control http://secunia.com/product/10669/ SonicStage 3.x http://secunia.com/product/9731/ SonicStage Mastering Studio 2.x http://secunia.com/product/10671/ Sony CONNECT Player (SonicStage) 4.x http://secunia.com/product/10670/ DESCRIPTION: A vulnerability has been reported in GraceNote CDDBControl ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the handling of unspecified options that are passed to the ActiveX control. This can be exploited to cause a buffer overflow and may allow arbitrary code execution. Successful exploitation requires that e.g. the user is tricked into visiting a malicious website. The vulnerability has been reported in the ActiveX control distributed with the following products: * Sony CONNECT Player * Sony SonicStage version 3.3 and 3.4 * Sony SonicStage Mastering Studio version 2.1 and 2.2 Note: Other products that install the ActiveX control for CDDB CD information lookup may also be affected. SOLUTION: The vendor has issued a patch for the affected Sony products. http://www.gracenote.com/sec062706/SonySecurityNotification.html The vendor recommends users of other affected products to contact their respective vendors for an update. The vendor has also provided the following program to allow users of other Gracenote-enabled products to disable the ActiveX control if a patch is not available. http://www.gracenote.com/corporate/security/ PROVIDED AND/OR DISCOVERED BY: Discovered by Peter Vreugdenhil and reported via ZDI. ORIGINAL ADVISORY: Gracenote: http://www.gracenote.com/corporate/FAQs.html/faqset=security/page=0 Zero Day Initiative: http://www.zerodayinitiative.com/advisories/ZDI-06-019.html OTHER REFERENCES: US-CERT VU#701121 http://www.kb.cert.org/vuls/id/701121 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------