Two vulnerabilities have been reported in Musicmatch Jukebox, where one has an unknown impact, and the other can be exploited by malicious people to create or overwrite arbitrary files.
1) An unspecified boundary error exists, which can be exploited to cause a buffer overflow.
2) An input validation error in the "StartDiagCollection()" function in the "DiagCollectionControl" ActiveX control can be exploited to create and overwrite arbitrary files by tricking a user into visiting a malicious web site.
Some other issues have also been reported. These include improper storing of log information and temporary files, inappropriate adding of "*.musicmatch.com" to the Trusted Zone in Internet Explorer, and an insecure "CreateProcess()" call, which may allow execution of a malicious program named "c:\program.exe".
The vulnerabilities have been reported in versions 10.00.2047, 9.00.0159 and prior.
Solution: The vulnerabilities have been fixed in an updated version.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Musicmatch Jukebox Two Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.