LIMIT OF LIABILITY: IN NO EVENT WILL GRACENOTE BE LIABLE TO YOU FOR ANY LOSS OF USE; INTERRUPTION OF BUSINESS; OR ANY DIRECT; INDIRECT; SPECIAL; INCIDENTAL; OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS) REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT; TORT (INCLUDING NEGLIGENCE); STRICT PRODUCT LIABILITY OR OTHERWISE; EVEN IF GRACENOTE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Some states or jurisdictions do not allow the exclusion or limitation of incidental or consequential damages; so the above limitation or exclusion may not apply to you.
Click here to download the program. If your browser offers a “RUN” or “OPEN” option you may select it, otherwise please take note of the download location on your computer, for example C:\Download. When the program is run, it will check the version of the Gracenote-enabled product on your computer to see if it has these improvements and can update it if it is necessary (click the Update button to update). The program will check for most installations of Gracenote-enabled products and will make a small change to the registry setting for the ActiveX control, disabling external access to it via ActiveX. As with all changes to the registry, we recommend that you run a backup before applying this or any change to the registry on your computer.
Gracenote would like to thank Peter Vreugdenhil working with TippingPoint and the Zero Day Initiative for responsibly reporting this issue to Gracenote, and working with us to provide an update to our customers. The Zero Day Initiative is a best-of-breed program that rewards researchers for responsibly disclosing vulnerabilities. More information is available at www.zerodayinitiative.com.
Gracenote would also like to thank CERT for responsibly reporting this issue to Gracenote.
Gracenote Security Update June 27th, 2006
Recently, a security vulnerability has been found within a limited number of our products. This is the first time we have been made aware of this security issue, and to date we have not received reports of any customers being affected by this issue. However we take all security issues very seriously and are therefore outlining how users can address this with the update below.
What is the issue?A security vulnerability has been found that exists in some versions of an ActiveX control for Gracenote CDDB lookup used in certain Sony software products listed below. This issue is not present in all versions of our standard software and is only present in certain versions of our current software. This "buffer overflow" vulnerability could allow an attacker to load malicious code onto a user's system and then execute the code.
This issue only affects the Sony software products listed below. Other Sony software products that utilizes Gracenote's CDDB features uses other software and does not contain this security issue.
Sony CONNECT Player
Sony SonicStage Ver.3.3/3.4
Sony SonicStage Mastering Studio Ver.2.1/2.2
The link on this page provides the program to install updated software on your computer to address this issue.
Download procedureThe installer is named GracenoteUpdateForSony.exe and is 2.9MB in size.
If your browser offers a RUN or OPEN option you may select it when you click the download link, otherwise please take note of the download location on your computer, for example C:\Download.
Once the download has completed, please run the installer to start the update of your Sony software.
When the installer has finished, it will prompt to restart your computer. Please click the Finish button. Your computer will reboot and the update process will be complete.
Click here to download the installer to your computer.
For up to date information please see Gracenote Updates on Gracenote’s website.
DISCLAIMER OF WARRANTIES: THE INFORMATION HERE AND THE INSTALLER IS BEING PROVIDED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND. GRACENOTE DISCLAIMS ALL WARRANTIES WITH REGARD TO THE INFORMATION AND THE INSTALLER; EXPRESS OR IMPLIED; INCLUDING; WITHOUT LIMITATION; ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE; MERCHANTABILITY; MERCHANTABLE QUALITY OR NONINFRINGEMENT OF THIRD PARTY RIGHTS. Some states or jurisdictions do not allow the exclusion of implied warranties; so the above limitations may not apply to you.
LIMIT OF LIABILITY: IN NO EVENT WILL GRACENOTE BE LIABLE TO YOU FOR ANY LOSS OF USE; INTERRUPTION OF BUSINESS; OR ANY DIRECT; INDIRECT; SPECIAL; INCIDENTAL; OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS) REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT; TORT (INCLUDING NEGLIGENCE); STRICT PRODUCT LIABILITY OR OTHERWISE; EVEN IF GRACENOTE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Some states or jurisdictions do not allow the exclusion or limitation of incidental or consequential damages; so the above limitation or exclusion may not apply to you.
