Joey Mengele

**Name of the Vulnerable Software and Affected Versions** IAC Search & Media ask.com Ask Toolbar versions 4.0.2.53 and earlier **Description** The issue is related to a stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll. This allows remote attackers to execute arbitrary code via a long `ShortFormat` property value. **Recommendations** For versions 4.0.2.53 and earlier, consider disabling the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll to prevent exploitation until a fix is available. Restrict access to the `ShortFormat` property to minimize the risk of arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** SurgeMail version 38k **Description** The issue is related to a stack-based buffer overflow in the IMAP service, allowing remote authenticated users to execute arbitrary code by providing a long argument to the `SEARCH` command. **Recommendations** For SurgeMail version 38k, consider disabling the IMAP service until a patch is available to prevent potential exploitation. Restrict access to the `SEARCH` command to minimize the risk of arbitrary code execution.

Name of the Vulnerable Software and Affected Versions: Mike Dubman Windows RSH daemon (rshd) version 1.7 Description: A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). Recommendations: For version 1.7, consider disabling the service or restricting access to the shell port (514/tcp) until a patch is available.