Alert Number: 020408-02
Alert Date: 02/04/08
Alert Title: *UNPATCHED* vulnerability for Yahoo! Music Jukebox
Update-to: None.
OS/Platform/Application: Yahoo! Music Jukebox on applicable systems
Category: ALERT
Severity: MEDIUM
Attention: System Administrators, Desktop Support Personnel, Yahoo! Music Jukebox users
Summary: Multiple Internet security resources are reporting the existence of a vulnerability in the popular Yahoo! Music Jukebox media utility. The most likely exploitation mechanism is a user opening a maliciously-crafted website, which could result in takeover of a vulnerable system. At the time of this writing (10:31 AM 2/4/08) no patch has been supplied by the vendor, and code to exploit this vulnerability is publicly available on the Internet. As a result of these conditions the vulnerability is being rated as "Extremely Critical" by security resource sites.
*It is important to note that recent research into the nature and trends of malware has shown that the majority of websites hosting maliciously-crafted software are in fact ones which users presume to be "legitimate" sites. The fact that dangerous software may be hiding within seemingly innocuous websites is another reason why it is vitally important to patch all vulnerable software on any system as soon as patches are made available from the vendor. In cases where a patch is not yet available users should consider any website and/or media file that they visit or handle as a potential source of compromise for their computer systems.
Recommended Actions: System administrators, support personnel and Yahoo! Music Jukebox users are encouraged to read the security advisories (safe links provided below) and check them frequently for updates and/or news of a patch release from Yahoo!. In the meantime, users are encouraged to use extreme caution when visiting trusted and untrusted websites (see "*" above) if their systems are running Yahoo! Music Jukebox software.
Readers are encouraged to share this alert with family, friends, and associates who may use Yahoo! Music Jukebox on their home computers.
ITS Actions: N/A
Resources:
LiquidMatrix Advisory:
http://www.liquidmatrix.org/blog/2008/02/04/yahoo-music-jukebox-activex-buffer-overflows/
FrSirt Advisory:
http://www.frsirt.com/english/advisories/2008/0396
ComputerWorld article detailing changes in the nature of maliciously-crafted websites:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9058599