Security flaws found in Yahoo Music Jukebox

Security researchers warn Yahoo Music Jukebox users of a public exploit that can take advantage of "extremely critical" security flaws in the music player.

Folks who are tapping into their tunes via the Yahoo Music Jukebox music player may find themselves at risk of allowing a malicious attacker into their computer, according to a security advisory issued Monday by Secunia.

The "extremely critical" security vulnerabilities are found in Yahoo Music Jukebox version 2.2.2.056 and possibly other versions, according to Secunia. The heightened warning comes as exploit code has been made public, which could give malicious attackers a road map to follow should they want to compromise a user's computer.

According to Secunia, users who have the Yahoo Music Jukebox loaded on their system and visit a malicious Web site could find themselves at risk. The security flaws are found in the way certain ActiveX controls in the Yahoo music player process information, which could cause a buffer overflow problem. An attacker could then exploit the vulnerabilities and execute arbitrary code from a user's computer.

Secunia advises Yahoo Music Jukebox users to set the "kill-bit" for the affected ActiveX controls, as a means to minimize any potential threat to their system.

Yahoo was not immediately available for comment. But stay tuned.

About the author

    Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Tech industry's high-flying 2014
    Uber's tumultuous ups and downs in 2014 (pictures)
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)