Gracenote CDDB ActiveX buffer overflow

gracenote-cddb-activex-bo (27416) The risk level is classified as HighHigh Risk

Description:

The Gracenote CDDB ActiveX control, which is used by multiple vendors for looking up information about CDs in the Gracenote CD Data Base (CDDB), is vulnerable to a buffer overflow. By creating a malicious Web page that initiates the ActiveX control with a specially-crafted option value, a remote attacker could overflow a buffer to execute arbitrary code on the victim's system or cause the victim's Web browser to crash, once the malicious page is loaded.

Note: In order to successfully exploit this vulnerability, the attacker would be required to persuade a potential victim to visit a malicious Web page or open a malicious HTML email.

Platforms Affected:

  • AOL, AOL 9.0 and prior
  • AOL, AOL Security Edition 9.0 and prior
  • Gracenote, Gracenote CDDB ActiveX Control
  • Nokia, PC Suite 6.7
  • Nokia, PC Suite 6.8
  • Sony, SonicStage 3.3
  • Sony, SonicStage 3.4
  • Sony, SonicStage Mastering Studio 2.1
  • Sony, SonicStage Mastering Studio 2.2
  • Sony Connect, Sony CONNECT Player

Remedy:

For Sony CONNECT Player and Sony Sonic Stage:
Refer to Gracenote Security Update June 27th, 2006 for upgrade information. See References.

For Nokia PC Suite:
Apply the PC Suite Version 6.8 Update, available from the Nokia Global Web site. See References.

For AOL 9.0 Security Edition:
Apply the available update using the AOL 9.0 automatic updates utility.

For AOL versions prior to AOL 9.0:
Upgrade to AOL 9.0 Security Edition, available from the AOL Web site. See References.

Consequences:

Gain Access

References:

  • America Online Downloads page, AOL Downloads at http://downloads.channel.aol.com/windowsproducts.
  • Full-Disclosure Mailing List, Tue Jun 27 2006 - 11:18:25 CDT, ZDI-06-019: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability at http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0737.html.
  • Gracenote Security Update June 27th, 2006, Sony Security Notification at http://www.gracenote.com/sec062706/SonySecurityNotification.html.
  • ZDI-06-019, GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability at http://www.zerodayinitiative.com/advisories/ZDI-06-019.html.
  • BID-18678: GraceNote CDDBControl ActiveX Control Remote Buffer Overflow Vulnerability
  • BID-21488: RETIRED: AOL CDDBControl ActiveX Control Buffer Overflow Vulnerability
  • CVE-2006-3134: Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string.
  • CVE-2006-6442: Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument.
  • OSVDB ID: 26874: Gracenote CDDBControl ActiveX Control Option String Overflow
  • SA20861: Gracenote CDDBControl ActiveX Control Buffer Overflow
  • SA20862: Nokia PC Suite CDDBControl ActiveX Control Buffer Overflow
  • SA23043: AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow
  • SECTRACK ID: 1016389: Gracenote CDDBControl ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
  • SECTRACK ID: 1017357: AOL Buffer Overflow in CDDBControl ActiveX Control Lets Remote Users Execute Arbitrary Code
  • US-CERT VU#701121: Gracenote CDDB ActiveX control buffer overflow
  • VUPEN/ADV-2006-2562: Sony Products Gracenote CDDB ActiveX Control Remote Buffer Overflow Vulnerability
  • VUPEN/ADV-2006-2563: Nokia PC Suite Gracenote CDDB ActiveX Control Remote Buffer Overflow Vulnerability
  • VUPEN/ADV-2006-4904: AOL CDDBControl ActiveX Control SetClientInfo() Remote Buffer Overflow Vulnerability

Reported:

Jun 27, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page