Recently, a security vulnerability has been identified within the Gracenote® CDDB (CD Database) lookup service application utilized by certain versions of Sony music management software. The Gracenote CDDB lookup service provides music-related information such as artist, title and tracklist through the software. As of the date of this update, neither Sony nor Gracenote has received reports of any customers being adversely impacted by this issue. However, we take all security issues very seriously. If you use any of the Sony music management software listed below (e.g., in connection with a VAIO computer or with a Walkman® portable music player), we recommend that you download the Gracenote Update and install it on your PC.
What is the issue?
A security vulnerability (in this case known as a “buffer overflow”) has been identified in an ActiveX® control for the Gracenote CDDB lookup service. This vulnerability could allow an attacker to load malicious code onto a user’s system and then execute the code, potentially resulting in loss or misappropriation of data on your PC.
Affected Software Applications
Sony CONNECT Player
Sony SonicStage Ver.3.3/3.4
Sony SonicStage Mastering Studio Ver.2.1/2.2
Sony Do VAIO Ver.1.6
NOTE: If you do not have any of the specified versions of the Sony software applications listed above, this notice does not apply to you. Similarly, if you have SonicStage CP 4.0, you do not need to execute the update.
The installer is named GracenoteUpdateForSony.exe and is 2.9MB in size. If your browser offers a RUN or OPEN option you may select it when you click the download link, otherwise please take note of the download location on your computer, for example C:\Download. Once the download has completed, please run the installer to start the update of your Sony software. When the installer has finished, it will prompt to restart your computer. Please click the Finish button. Your computer will reboot and the update process will be complete.
Click here to download the installer to your computer.