Feb 07 2008
According to the US CERT, Yahoo Music Jukebox has two areas of vulnerability in the YMP Datagrid and Media Acitve X controls. While this is not directly tied to the Red Hacker Alliance, Roger Thompson, chief research officer at AVG Technologies had this to say:
“In the past, the Chinese exploit developers have been very quick to seize on something like this,” said Thompson. “These college kids are very bright. They tend to break the initial ground and then criminal gangs who are certainly organized will borrow these exploits.”
Yahoo Music Jukebox is the default music software sold by the Sunnyvale, Calif.-based company. News of the vulnerabilities comes closely on the heels of Yahoo’s announcement that it plans to abandon its unlimited music service and instead put on-demand music in the hands of RealNetworks’ Rhapsody service. Yahoo did not immediately respond to communication from ChannelWeb.