Published: 2006-06-27 13:05:00
Last revised: 2017-07-19 21:32:04

[Original] Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string.

[CNNVD] GraceNote CDDBControl ActiveX Control Remote Buffer Overflow Vulnerability (CNNVD-200606-521)

        A buffer overflow in the GraceNote CDDBControl ActiveX control (used in multiple products that use Gracenote CDDB) allows remote attackers to execute arbitrary code via a long option string.

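- CVSS (Base Score)

CVSS score: 9.3 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]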

- CPE (Affected platforms and products)


- OVAL (Technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  MISC,,93034,00.html
(UNKNOWN)  FULLDISC  20060627 ZDI-06-019: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability
(UNKNOWN)  BID  18678
(UNKNOWN)  VUPEN  ADV-2006-2562
(UNKNOWN)  VUPEN  ADV-2006-2563
(UNKNOWN)  XF  gracenote-cddb-activex-bo(27416)

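- Vulnerability information

GraceNote CDDBControl ActiveX Control Remote Buffer Overflow Vulnerability
High risk  Buffer overflow
2006-06-27 00:00:00 2007-05-01 00:00:00
        A buffer overflow in the GraceNote CDDBControl ActiveX control (used in multiple products that use Gracenote CDDB) allows remote attackers to execute arbitrary code via a long option string.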

- Advisories and patches


- Vulnerability information

Gracenote CDDBControl ActiveX Control Option String Overflow
Context Dependent Input Manipulation
Loss of Integrity
Exploit Private RBS Confirmed, Third-party Verified

- Vulnerability description

A remote overflow exists in the Gracenote CDDBControl ActiveX Control. The Gracenote CDDB control fails to handle a long ClientId argument passed to the SetClientInfo() method, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity.

- Timeline

2006-06-27 Unknown
Unknown Unknown

- Solution

Upgrade to version 6.8 update or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

GraceNote CDDBControl ActiveX Control Remote Buffer Overflow Vulnerability
Boundary Condition Error 18678
Yes No
2006-06-27 12:00:00 2008-10-20 03:16:00
Peter Vreugdenhi is credited with the discovery of this vulnerability.

- Affected software versions

Sony SonicStage Mastering Studio 2.2.1
Sony SonicStage Mastering Studio 2.2
Sony SonicStage Mastering Studio 2.1.1
Sony SonicStage Mastering Studio 2.1
Sony SonicStage 3.4
Sony SonicStage 3.3
Sony CONNECT Player 0
Nokia PC Suite 6.8
Nokia PC Suite 6.7
Justsystem BeatJam 2006
GraceNote CDDBControl ActiveX 0
AOL Client Software 9.0 Security
AOL Client Software 8.0
AOL Client Software 7.0

- Discussion

GraceNote CDDBControl ActiveX control is prone to a buffer-overflow vulnerability because the software fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Invoking the object from a malicious website or HTML email may trigger the condition. A successful exploit would corrupt process memory and allow arbitrary code to run in the context of the client application using the affected ActiveX control.

The following versions include the vulnerable software:

AOL 7.0 revision 4114.563
AOL 8.0 4129.230
AOL 9.0 Security Edition revision 4156.910

Other versions may also be affected.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at:

- Solution

The vendor has released software updates to address this issue. Please contact the vendor for more information. See the references for details.

Fixes for affected AOL customers are available from the vendor through the AOL Client software's automatic update feature.

Sony SonicStage 3.3

Sony SonicStage 3.4

Sony CONNECT Player 0

Sony SonicStage Mastering Studio 2.1

Sony SonicStage Mastering Studio 2.1.1

Sony SonicStage Mastering Studio 2.2

Sony SonicStage Mastering Studio 2.2.1

- Related references