Multiple vulnerabilities have been detected in the ActiveX control of the Yahoo! Music Jukebox which may permit attackers to take “complete control” of a user's PC, according to FrSIRT, the French security response team.
The flaws in the control for Music Jukebox comes on the heels of warnings last week from Symantec that a similar ActiveX flaw exists in image uploaders that have been widely distributed to MySpace and Facebook users. Both reports detailed vulnerabilities that centered in the buffer overflow of the control which, when exploited, permits attackers to install malicious code on users' computers.
In its warning, FrSIRT said buffer overflow errors in the datagrid.dll and mediagrid.dll ActiveX control of the Music Jukebox cause the control “when processing overly long arguments” to pass these issues to AddImage, AddButton or AddBitmap functions that can then be exploited by remote attackers to executive arbitrary code by tricking a user into visiting a malware site.
The French response team also warned that the ActiveX flaws in the Music Jukebox could generate a denial of service.
Symantec last week attached one of its highest “urgency” ratings to its warning that an ActiveX vulnerability was detected in image uploaders that automatically are given to Facebook and MySpace users. The flaw also has been found in the ActiveX control in the Aurigma Image Uploader, which may have been used as the basis for the Facebook and MySpace uploaders, Symantec said.
A public relations firm sent SCMagazineUS.com on Monday what it said was a “joint statement” from MySpace and Facebook indicating that the two popular social networking sites, working with Aurigma, had identified a solution to the ActiveX flaw in the uploaders and had “collaborated to resolve the issue.”
Recently, [MySpace, Facebook and Aurigma] were alerted to a vulnerability in Aurigma Imaging Technology's software that could potentially put certain users with Windows-based systems at risk,” Amy Sezak of OutCast Communications told SCMagazineUS.com. “Immediately after identifying a solution, Facebook, MySpace and Aurigma collaborated to resolve the issue and are working to individually alert users of any additional steps that need to be taken to ensure user security."
Symantec warned last Thursday that an attacker exploiting the ActiveX vulnerability could inject malicious code into the PC of anyone who has installed an uploader containing the flaw on their computer, potentially enabling attackers to take control of the PC.
"They could use [the ActiveX vulnerability] to introduce any malicious code that is out there," Oliver Friedrich, Symantec Security Response director, told SCMagazineUS.com
Friedrich's said that one likely attack scenario may involve hackers using phishing emails to lure MySpace and Facebook users to malware sites and then exploiting the ActiveX flaw in the uploader on the user's computer to gain control of the unit or steal the user's data.
According to the alert issued by Symantec, "when the ActiveX control is processed, the attacker's code will run with the privileges of the user."
Friedrich said that because the vulnerability resides in the ActiveX control's buffer overflow, it will crash the user's browser if an exploit attack is not successful. Ironically, he noted, a browser crash -- while a temporary inconvenience to the user -- is actually protecting the user from the attack because it will prevent any infusion of malicious code.
Symantec detected the ActiveX control buffer-overflow vulnerability in Aurigma Image Uploader versions 4.5.50 and 4.6.70, but it was not found in version 4.6.17 of the unit, Symantec said. The security vendor recommended that users of the uploader set their web browser security to disable the execution of script code or active content.
Image uploaders automatically are distributed on Facebook and MySpace to users who upload files and images to the sites using Microsoft's Internet Explorer.
A series of ActiveX vulnerabilities have been discovered during the past year. ActiveX flaws were detected in a webcam uploader used on Yahoo! Messenger, and a bug in the control was found in Microsoft Office.
ActiveX control flaws found in Yahoo! Music Jukebox: FrSIRT
By Jack Rogers on Feb 5, 2008 4:55PM