Secunia Security Advisory - A vulnerability has been reported in GraceNote CDDBControl ActiveX Control, which can be exploited by malicious people to compromise a user's system.
4f2571cd1c52b2122fdb038d6aa8aaf40162606e502d3dab6bfedf652f06ed87
----------------------------------------------------------------------
Secunia customers receive relevant and filtered advisories.
Delivery is done via different channels including SMS, Email, Web,
and https based XML feed.
http://corporate.secunia.com/trial/38/request/
----------------------------------------------------------------------
TITLE:
Gracenote CDDBControl ActiveX Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA22924
VERIFY ADVISORY:
http://secunia.com/advisories/22924/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Gracenote CDDBControl ActiveX Control 2.x
http://secunia.com/product/10669/
DESCRIPTION:
A vulnerability has been reported in GraceNote CDDBControl ActiveX
Control, which can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to a boundary error within the
handling of certain unspecified proxy configuration parameters. This
can be exploited to cause a buffer overflow when a user visits a
malicious web site.
Successful exploitation allows execution of arbitrary code.
Note: Other products that install this ActiveX control may also be
affected.
SOLUTION:
The vendor recommends users of other affected products to contact
their respective vendors for an update.
The vendor has also provided the following program to allow users of
other Gracenote-enabled products to update or disable the ActiveX
control if a patch is not available.
http://www.gracenote.com/corporate/update/
PROVIDED AND/OR DISCOVERED BY:
Discovered by Peter Vreugdenhil and reported via ZDI.
ORIGINAL ADVISORY:
Gracenote:
http://www.gracenote.com/corporate/FAQs.html/faqset=update/page=0
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-021.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------