Folks who are tapping into their tunes via the Yahoo Music Jukebox music player may find themselves at risk of allowing a malicious attacker into their computer, according to a security advisory issued Monday by Secunia.
The "extremely critical" security vulnerabilities are found in Yahoo Music Jukebox version 2.2.2.056 and possibly other versions, according to Secunia. The heightened warning comes as exploit code has been made public, which could give malicious attackers a road map to follow should they want to compromise a user's computer.
According to Secunia, users who have the Yahoo Music Jukebox loaded on their system and visit a malicious Web site could find themselves at risk. The security flaws are found in the way certain ActiveX controls in the Yahoo music player process information, which could cause a buffer overflow problem. An attacker could then exploit the vulnerabilities and execute arbitrary code from a user's computer.
Secunia advises Yahoo Music Jukebox users to set the "kill-bit" for the affected ActiveX controls, as a means to minimize any potential threat to their system.
Yahoo was not immediately available for comment. But stay tuned.