| VID |
28126 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Musicmatch Jukebox, according to its version number, has multiple vulnerabilities. Musicmatch Jukebox is a music player for playing and recording CDs, MP3s, WMAs, and WAV files for Microsoft Windows platforms. Musicmatch Jukebox versions 10.00.2047 and earlier and versions 9.00.0159 and earlier are vulnerable to multiple vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting and to create or overwrite arbitrary files. In addition to these vulnerabilities, those softwares are also vulnerable to a buffer overflow condition. An attacker may exploit these vulnerabilities to execute arbitrary code on the affected host.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.musicmatch.com/info/user_guide/faq/security_updates.htm
http://www.hyperdose.com/advisories/H2005-02.txt
http://www.hyperdose.com/advisories/H2005-03.txt
http://www.hyperdose.com/advisories/H2005-04.txt
http://www.hyperdose.com/advisories/H2005-05.txt
http://securitytracker.com/alerts/2005/Apr/1013718.html
http://secunia.com/advisories/15087/
* Platforms Affected:
Musicmatch Jukebox version 10.00.2047 and earlier versions
Musicmatch Jukebox version 9.00.0159 and earlier versions
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Musicmatch Jukebox (10.0.2048 or 9.0.5066 or later), available from the Musicmatch Jukebox Download Web Page at http://www.musicmatch.com/download/free/security.htm |
| Related URL |
CVE-2005-1185,CVE-2005-1186,CVE-2005-1167,CVE-2005-1168 (CVE) |
| Related URL |
13167,13173,13174 (SecurityFocus) |
| Related URL |
20137,20243,20244 (ISS) |
|
