AskJeeves Toolbar Settings Plugin ActiveX Control Remote Heap Based Buffer Overflow Vulnerability
BID:25785
Info
| Bugtraq ID: | 25785 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-5107 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 24 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Joey Mengele is credited with the discovery of this issue. |
| Vulnerable: | AskJeeves Toolbar |
| Not Vulnerable: | |
Discussion
AskJeeves Toolbar Settings Plugin ActiveX control is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web page.
Reports indicate that this issue is being exploited in the wild.
The following exploits are available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Toolbar Homepage (Ask.com)
- New Zeroday published (Joey Mengele)