---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Gracenote CDDBControl ActiveX Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA22924 VERIFY ADVISORY: http://secunia.com/advisories/22924/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Gracenote CDDBControl ActiveX Control 2.x http://secunia.com/product/10669/ DESCRIPTION: A vulnerability has been reported in GraceNote CDDBControl ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the handling of certain unspecified proxy configuration parameters. This can be exploited to cause a buffer overflow when a user visits a malicious web site. Successful exploitation allows execution of arbitrary code. Note: Other products that install this ActiveX control may also be affected. SOLUTION: The vendor recommends users of other affected products to contact their respective vendors for an update. The vendor has also provided the following program to allow users of other Gracenote-enabled products to update or disable the ActiveX control if a patch is not available. http://www.gracenote.com/corporate/update/ PROVIDED AND/OR DISCOVERED BY: Discovered by Peter Vreugdenhil and reported via ZDI. ORIGINAL ADVISORY: Gracenote: http://www.gracenote.com/corporate/FAQs.html/faqset=update/page=0 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-07-021.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------