Popular lyrics site Songlyrics.com was discovered to be delivering attack code which could open up visitors to remote code execution attacks, several news outlets reported Thursday. The exploit was discovered by researcher Tavis Ormandy last week and reported. Songlyrics.com has taken action to remove the offending code from its website.
Ormandy and partner Ruben Santamarta said it was easy to exploit the issue, and AVG researcher Roger Thompson has called upon Oracle to patch the issue as soon as possible. However, according to the Register, the company has neither answered their requests for comment, nor confirmed the exploit exists at all.