Recently, a security vulnerability has been found within a limited number of our products. This is the first time we have been made aware of this security issue, and to date we have not received reports of any customers being affected by this issue. However we take all security issues very seriously and are therefore outlining how users can address this with the update below.
A security vulnerability has been found that exists in some versions of an ActiveX control for Gracenote CDDB lookup used in certain Sony software products listed below. This issue is not present in all versions of our standard software and is only present in certain versions of our current software. This "buffer overflow" vulnerability could allow an attacker to load malicious code onto a user's system and then execute the code.
This issue only affects the Sony software products listed below. Other Sony software products that utilizes Gracenote's CDDB features uses other software and does not contain this security issue.
Sony CONNECT Player
Sony SonicStage Ver.3.3/3.4
Sony SonicStage Mastering Studio Ver.2.1/2.2
The link on this page provides the program to install updated software on your computer to address this issue.
The installer is named GracenoteUpdateForSony.exe and is 2.9MB in size.
If your browser offers a RUN or OPEN option you may select it when you click the download link, otherwise please take note of the download location on your computer, for example C:\Download.
Once the download has completed, please run the installer to start the update of your Sony software.
When the installer has finished, it will prompt to restart your computer. Please click the Finish button. Your computer will reboot and the update process will be complete.
Click here to download the installer to your computer.
DISCLAIMER OF WARRANTIES: THE INFORMATION HERE AND THE INSTALLER IS BEING PROVIDED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND. GRACENOTE DISCLAIMS ALL WARRANTIES WITH REGARD TO THE INFORMATION AND THE INSTALLER; EXPRESS OR IMPLIED; INCLUDING; WITHOUT LIMITATION; ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE; MERCHANTABILITY; MERCHANTABLE QUALITY OR NONINFRINGEMENT OF THIRD PARTY RIGHTS. Some states or jurisdictions do not allow the exclusion of implied warranties; so the above limitations may not apply to you.
LIMIT OF LIABILITY: IN NO EVENT WILL GRACENOTE BE LIABLE TO YOU FOR ANY LOSS OF USE; INTERRUPTION OF BUSINESS; OR ANY DIRECT; INDIRECT; SPECIAL; INCIDENTAL; OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS) REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT; TORT (INCLUDING NEGLIGENCE); STRICT PRODUCT LIABILITY OR OTHERWISE; EVEN IF GRACENOTE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Some states or jurisdictions do not allow the exclusion or limitation of incidental or consequential damages; so the above limitation or exclusion may not apply to you.