Yahoo! Music Jukebox may dish out malware instead of hits, after the discovery of exploits made for ActiveX vulnerabilities in the media player. The Register identifies Elazar Broad as the researcher discovering the targeted vulnerabilities: two unpatched ActiveX flaws which, when successfully exploited, cause a buffer overflow that may allow an attacker to run malicious code on the affected system. Broad posted a proof-of-concept (POC) code on a public Web site, and a day after, malware authors pounced on the POC, modified the code, and voila – a new exploit making its rounds on the Web.
It seems that malware authors are having a grand time exploiting various Web applications via ActiveX flaws. Just hours ago, we reported that malicious URLs are exploiting the Chinese gaming platform Lianzong, add to that zero-day ActiveX flaws in Facebook and MySpace. Interestingly, the exploits taking advantage of the flaws in both Yahoo! Music Jukebox and the Chinese gaming application are detected by Trend Micro as EXPL_EXECOD.A, proof that malware authors are modifying codes to specifically target certain applications. It may seem like a stretch but it’s safe to say that this tactic broadens the target “audience” of this exploit.
As of this writing, Yahoo! has not issued a patch for the ActiveX vulnerabilities. However, proactive detection of the exploit and the malicious URLs by Trend Micro products’ Web Threat Protection technology ensures our customers that they are safe from the unwanted effects of the malware/malicious URL.