Intrusion Prevention

AskJeeves.Toolbar.Settings.Plugin.ActiveX.Control.Heap.Overflow

Description

This indicates an attempt to exploit a stack-based buffer overflow vulnerability in the "AskJeevesToolBar.SettingsPlugin.1" ActiveX control in askBar.dll, part of the Ask Toolbar from IAC Search & Media (ask.com). The vulnerability allows remote attackers to execute arbitrary code via a long "ShortFormat" property value.

Affected Products

Ask Jeeves, Ask.com Toolbar 4.0.2.53 and earlier.

Impact

System compromise: remote code execution.

Recommended Actions

We are not currently aware of any vendor-supplied patches for this issue.

CVE References

CVE-2007-5107