In association with heise online

25 September 2007, 14:12

Critical hole in search engine toolbar

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to reports, the toolbar (askBar.dll) of the search engine contains a critical security hole, which can be exploited to gain control over a Windows PC – if the victim surfs the web with administration privileges. Merely visiting a manipulated web site might be the only requirement for falling victim to a successful attack. Now a public exploit has been made available.

The first information on the hole was offered on WabiSabiLabi, an auction platform where vulnerabilities and exploits can be traded, but soon detailed information and an exploit were published on Bugtraq, and so the auction is now redundant. For some weeks, opponents of the exploit marketplace have published information and exploits on traded holes free of charge.

The current hole affects only the Internet Explorer versions of the toolbar prior and including The vulnerability depends on a buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control. No update has been provided; as a workaround, users can set the kill bit for the ActiveX control (CLSID 5A074B2B-F830-49de-A31B-5BB9D7F6B407) to prevent Internet Explorer activating this control.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit