vendor:
jetAudio
by:
Krystian Kloskowski (h07)
7.5
CVSS
HIGH
Remote Code Execution
Unknown
CWE
Product Name: jetAudio
Affected Version From: jetAudio 7.x
Affected Version To: jetAudio 7.x
Patch Exists: NO
Related CWE:
CPE: a:jetaudio:jetaudio:7.x
Platforms Tested: Windows (Microsoft Internet Explorer 6)
2007
jetAudio 7.x ActiveX DownloadFromMusicStore() 0day Remote Code Execution Exploit
This exploit targets the DownloadFromMusicStore() function in the jetAudio 7.x ActiveX control. It allows an attacker to remotely execute arbitrary code on a vulnerable system. The bug was discovered by Krystian Kloskowski (h07) and has been tested on jetAudio 7.0.3 Basic with Microsoft Internet Explorer 6.
Mitigation:
Apply the latest security patches and updates for jetAudio. Consider disabling or removing the vulnerable ActiveX control if not needed.