{"vuid":"VU#701121","idnumber":"701121","name":"Gracenote CDDB ActiveX control buffer overflow","keywords":["activex","internet explorer","cddb","buffer overflow","INFO#111001","Dranzer"],"overview":"The Gracenote CDDB ActiveX control contains a buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"CDDB CDDB (CD Data Base) is an internet database provided by Gracenote. CDDB contains track lists and other information about music CDs. CDDB ActiveX control The CDDB ActiveX control is a COM object that allows applications to query the CDDB to retrieve music CD information. Gracenote has provided versions of the CDDB ActiveX control to multiple vendors. These versions may use unique file names and GUIDs. Applications that work with audio CDs are the most likely ones to provide the Gracenote CDDB ActiveX control. The problem The CDDB ActiveX control contains a buffer overflow vulnerability.","impact":"By convincing a user to view a specially crafted HTML document (e.g., a web page, HTML email message, or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause IE (or the program using the WebBrowser control) to crash.","resolution":"Apply an update\nSony users should apply an update, as specified by the Gracenote Security Update. Nokia PC Suite users should install the PC Suite Version 6.8 Update. KDDI au Music Port users should install au Music Port 2.10 or later, as specified by the KDDI security alert. JustSystem BeatJam 2006 users should apply an update, as specified by the Gracenote Security Update. This issue is addressed by AOL 9.0 automatic updates. Log in to the AOL service to receive the appropriate update automatically. Users with AOL older than version 9.0 are recommended to upgrade to the latest version of AOL. Users of other Gracenote-enabled software should run the update utility provided by Gracenote. This will disable vulnerable versions of the control that do not have updates available.","workarounds":"Disable the CDDB control Disable the CDDB control by setting the kill bit as described in Microsoft Knowledge Base article 240797. The most common CLSIDs for the CDDB control are: {F4BAFF02-F907-11D2-8F8F-00C04F4C3B9F} {229b78d5-38f5-11d5-9001-00c04f4c3b9f} This will prevent the CDDB control from being used in Internet Explorer, but should not interfere with other applications that happen to use the control. Disable ActiveX Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this vulnerability. Instructions for disabling ActiveX in the Internet Zone can be found in the \"Securing Your Web Browser\" document and the Malicious Web Scripts FAQ. Note that disabling ActiveX controls in the Internet Zone will reduce the functionality of some web sites.","sysaffected":"","thanks":"Thanks to Dan Plakosh of CERT/CC and Richard Smith for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://www.gracenote.com/corporate/FAQs.html/faqset=security/page=0","http://www.gracenote.com/sec062706/SonySecurityNotification.html","http://www.gracenote.com/sec062706/JustSystem_Security_Notice.html","http://europe.nokia.com/nokia/0,,93034,00.html","http://www.microsoft.com/com/default.mspx","http://jvn.jp/cert/JVNVU%23701121/","http://osvdb.org/displayvuln.php?osvdb_id=26874","http://www.zerodayinitiative.com/advisories/ZDI-06-019.html","http://secunia.com/advisories/20861/","http://secunia.com/advisories/20862/","http://secunia.com/advisories/23043/","http://www.au.kddi.com/service/lismo/music_port_caution.html","http://secunia.com/advisories/23043/"],"cveids":["CVE-2006-3134"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-05-10T17:29:46Z","publicdate":"2006-06-27T00:00:00Z","datefirstpublished":"2006-06-27T17:32:59Z","dateupdated":"2007-08-16T00:28:19Z","revision":24,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"4","cam_widelyknown":"3","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"8","cam_impact":"15","cam_easeofexploitation":"15","cam_attackeraccessrequired":"17","cam_scorecurrent":"7.45875","cam_scorecurrentwidelyknown":"17.2125","cam_scorecurrentwidelyknownexploited":"28.6875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.45875,"vulnote":null}