Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5107

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-5107
Last Modified 07 Mar 2011 12:00:00
Published 26 Sep 2007 07:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5107

Summary

Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.

Vulnerable Systems

Application

  • Ask.com Ask Toolbar 4.0.2.53


References

XF - asktoolbar-shortformat-bo(36757)

VUPEN - ADV-2007-3265

BID - 25785

BUGTRAQ - 20070924 Re: New Zeroday published

MILW0RM - 4452

MISC - http://www.foxitsoftware.com/pdf/reader/security.htm

SECUNIA - 26960


Last Updated: 27 May 2016 10:46:04