PT-2007-6203 · Iac Search & Media · Ask Toolbar

Joey Mengele

Publicado

2007-09-26

Atualizado

2018-10-15

CVE-2007-5107

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IAC Search & Media ask.com Ask Toolbar versions 4.0.2.53 and earlier

Description The issue is related to a stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll. This allows remote attackers to execute arbitrary code via a long ShortFormat property value.

Recommendations For versions 4.0.2.53 and earlier, consider disabling the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll to prevent exploitation until a fix is available. Restrict access to the ShortFormat property to minimize the risk of arbitrary code execution.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2007-5107

Produtos afetados

Ask Toolbar

PT-2007-6203 · Iac Search & Media · Ask Toolbar

CVE-2007-5107

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10