PT-2007-6203 · Iac Search & Media · Ask Toolbar

Joey Mengele

Published

2007-09-26

Updated

2018-10-15

CVE-2007-5107

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IAC Search & Media ask.com Ask Toolbar versions 4.0.2.53 and earlier

Description The issue is related to a stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll. This allows remote attackers to execute arbitrary code via a long ShortFormat property value.

Recommendations For versions 4.0.2.53 and earlier, consider disabling the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll to prevent exploitation until a fix is available. Restrict access to the ShortFormat property to minimize the risk of arbitrary code execution.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2007-5107

Affected Products

Ask Toolbar

PT-2007-6203 · Iac Search & Media · Ask Toolbar

CVE-2007-5107

Weakness Enumeration

Related Identifiers

Affected Products

References · 10