Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Yahoo! Music Jukebox 2.2.2.56

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Yahoo!
And, this specific program:
Yahoo! Music Jukebox 2.x

This thread has been marked as resolved.
binky01 Yahoo! Music Jukebox 2.2.2.56
Member 10th Aug, 2011 22:19
Ranking: 0
Posts: 2
User Since: 10th Aug, 2011
System Score: N/A
Location: US
According to the PSI scan result: "The version detected of Yahoo! Music Jukebox 2.x was 2.0.0.134 while the latest version including one or more security fixes is 2.2.2.56."

When I click on "Install Solution" it links to the Rhapsody Premium Music Subscription, which I don't want. The only references to 2.2.2.56 seem to be from 2008 & related to discussions of vulnerabilities.

Any suggestions, or is 2.2.2.56 not a viable program.

Thanks.

Post "RE: Yahoo! Music Jukebox 2.2.2.56" has been selected as an answer.
wr RE: Yahoo! Music Jukebox 2.2.2.56
Contributor 10th Aug, 2011 23:08
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Hi binky01

Here's what I found on Wikipedia:
According to the Yahoo site, the software is no longer available for purchase, as it has been bought out by Rhapsody. All clients were switched during the middle part of 2008.[1]

As of summer 2008, the Jukebox no longer streams online content. The Jukebox may still be used to manage purchased music and local music, but no longer connects to any online services. If one wants to continue streaming Yahoo! Music, they should proceed to music.yahoo.com and listen to "My Station" from the website.

Hope this helps.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+1
-0
Anthony Wells RE: Yahoo! Music Jukebox 2.2.2.56
Expert Contributor 10th Aug, 2011 23:09
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 10th Aug, 2011 23:19
Hi ,

The Secunia Advisory SA28757 seems to indicate that there is a vulnerability affecting versions up to and including version 2.2.2.056 :-

http://secunia.com/advisories/28757/

This dates back to 2008 and suggests updating to the latest version - not specified . Whether there is a "latest" version I cannot say , but a quick search of the web only produces version 2.0.2.056 .****

It is an old programme and appears to be supported if the PSI is saying it is "insecure" and not "End of Life" ; or is it showing as "EOL" ??

Post the details as provided by the troubleshoot report :-

http://secunia.com/vulnerability_scanning/personal...

Anthony

EDIT**** : hereis a link for 2.2.2.058 , it do not know if this is a reputable site , so beware :-

http://www.filecluster.com/downloads/Yahoo-Music-J...

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
binky01 RE: Yahoo! Music Jukebox 2.2.2.56
Member 11th Aug, 2011 13:54
Score: 0
Posts: 2
User Since: 10th Aug 2011
System Score: N/A
Location: US
Hi Anthony,

This is showing as EOL. Does that make a difference?
Was this reply relevant?
+0
-0
Anthony Wells RE: Yahoo! Music Jukebox 2.2.2.56
Expert Contributor 11th Aug, 2011 15:21
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 11th Aug, 2011 15:25
Hi binky ,

You locked this thread by clicking the "Accept" button below wr's post . I asked Secunia support to re-open it so I could answer your question .

Once you are completely happy that all your questions are answered , you can re-lock the thread clicking/using the "Accept" button under any post (usually the one which helped you most) ; this stops tag-on posters and spam posters filling your mail box with useless update emails .

To answer your question :-

If the PSI says it is "insecure" and you can update it , then such a programme is supported by the vendor and you , them and the PSI can keep you patched and up to date . Of course , sometimes , there is a known insecurity/vulnerability for which there is no patch yet available as is the current situation with Java JRE U26 . You cannot patch the problem as yet , so you just need to be extra careful in using anything that accesses/needs Java to work . Extra information (for more expert users) is found in the "Secure Browsing" module of the PSI .

An "EOL" means the vendor has stopped supporting the programme and any future problems will not be tracked and you will not be advised of any potential/actual problem arises . This means that with time the bad guys may get into programme and so your system .

Reading what is said in the extract from Wiki (posted by wr) , it seems that even though the programme has a known "insecurity as per SA28757 :-

http://secunia.com/advisories/28757/

you can no longer go online to websites and so that would reduce your exposure to risk and only using it for music you already have downloaded to your machine would also seem to give limited exposure to danger .

Going anywhere new and listening to new stuff would increase the danger .

Only you can decide whether the risk of keeping the programme is acceptable to you . If you choose to keep the programme you can set an "ignore rule" so that the PSI no longer displays the programme in the scan results ; not a decision to be taken lightly .

Please ask if anything is not clear .

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability