Gracenote® Security Update for Sony
Recently, a security vulnerability has been identified within the Gracenote® CDDB (CD Database) lookup service application utilized by certain versions of Sony music management software. The Gracenote CDDB lookup service provides music-related information such as artist, title and tracklist through the software. As of the date of this update, neither Sony nor Gracenote has received reports of any customers being adversely impacted by this issue. However, we take all security issues very seriously. If you use any of the Sony music management software listed below (e.g., in connection with a VAIO computer or with a Walkman® portable music player), we recommend that you download the Gracenote Update and install it on your PC.
What is the issue?
A security vulnerability (in this case known as a “buffer overflow”) has been identified in an ActiveX® control for the Gracenote CDDB lookup service. This vulnerability could allow an attacker to load malicious code onto a user’s system and then execute the code, potentially resulting in loss or misappropriation of data on your PC.
Affected Software Applications
Sony CONNECT Player
Sony SonicStage Ver.3.3/3.4
Sony SonicStage Mastering Studio Ver.2.1/2.2
Sony Do VAIO Ver.1.6
NOTE: If you do not have any of the specified versions of the Sony software applications listed above, this notice does not apply to you. Similarly, if you have SonicStage CP 4.0, you do not need to execute the update.
DOWNLOAD PROCEDURE
The installer is named GracenoteUpdateForSony.exe and is 2.9MB in size. If your browser offers a RUN or OPEN option you may select it when you click the download link, otherwise please take note of the download location on your computer, for example C:\Download. Once the download has completed, please run the installer to start the update of your Sony software. When the installer has finished, it will prompt to restart your computer. Please click the Finish button. Your computer will reboot and the update process will be complete.
Click here to download the installer to your computer.
I downloaded this the other day in good faith and now I can barely open CONNECT before it reports a fault and closes again. How can I remove this update?
Bloody hell, is there anything hackers can’t hack?
i’ve been having problems opening and running my connect player due to ‘tinyhttp’. its got to the point were connect starts to load, then it stops and says that tinyhttp (a part of gracenote) is experiencing problems where it then closes. i cant access it at all and cannot put new music on my mp3. i too downloaded this update and nothing has changed. ive tried reinstalling the whole connect program and that doesnt work either. how can i get my connect player to work?