Posted by: James Kim
Post date: 6/30/2006
Last night, Sony made available for free download version 4 of its much-maligned SonicStage software. The software adds new features, including compatibility with the upcoming NW-A1200 series and its "intelligent" playlist capabilities, as well as a security patch from Gracenote CDDB. Sony highly recommends that SonicStage users at least install the security patch.
Enhancements:
Recently, a security vulnerability has been found associated with the Gracenote CDDB (CD Database) service utilized by certain Sony software applications. The Gracenote CDDB lookup service provides information such as artist, title, tracklist and other music-related information in software applications. This "buffer overflow" vulnerability could allow an attacker to load malicious code onto a user's system and then execute the code.
As of the date of this update, neither Sony nor Gracenote has received reports of any customers being adversely impacted by this issue. However, we take all security issues very seriously. If you use any of the Sony music management software listed below (e.g., in connection with a VAIO computer or with a Walkman portable music player), we recommend that you download the Gracenote Update and install it on your PC.
This issue only affects the Sony software products listed below. Other Sony software products that utilize the Gracenote CD database lookup features do not contain this security issue.
Affected products: