
Web Attack: AskJeeves Toolbar Plugin ActiveX

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability by passing long arguments to a method of the AskJeeves Toolbar Settings Plugin ActiveX control.

Additional Information

AskJeeves Toolbar is a customizable toolbar designed for web browsers.

The application's SettingsPlugin ActiveX control is prone to a heap-based remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

The vulnerability affects the 'ShortFormat' method.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
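
The kind of length check the description implies, as an added example (not Symantec's signature logic and not code from the vendor). It inspects page script for calls to the 'ShortFormat' method and grades the arguments. The 256-character threshold, the sample scripts and the `pad` helper named in them are assumptions, since the advisory does not state the buffer size.

```python
import re

MAX_ARG_LEN = 256  # assumed threshold; the advisory gives no buffer size
CALL = re.compile(r"\.\s*ShortFormat\s*\(")

def scan_call(text, start):
    """Walk one argument list starting just after '('.
    Returns (source lengths of string literals, has_dynamic_argument)."""
    depth, i, lengths, dynamic = 1, start, [], False
    while i < len(text) and depth:
        ch = text[i]
        if ch in "\"'":
            # Skip to the matching quote, stepping over backslash escapes,
            # so a ')' inside the literal does not end the argument list.
            j = i + 1
            while j < len(text) and text[j] != ch:
                j += 2 if text[j] == "\\" else 1
            lengths.append(j - i - 1)
            i = j
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch.isalpha() or ch in "_$":
            # A letter outside a literal means the value is computed at run
            # time and cannot be sized statically (flagged conservatively).
            dynamic = True
        i += 1
    return lengths, dynamic

def classify(script):
    """'block' on an oversized literal, 'review' on a run-time value, else 'ok'."""
    verdict = "ok"
    for m in CALL.finditer(script):
        lengths, dynamic = scan_call(script, m.end())
        if any(n > MAX_ARG_LEN for n in lengths):
            return "block"
        if dynamic:
            verdict = "review"
    return verdict

# Constructed sample scripts, not captured traffic.
SAMPLES = {
    "short literal": 'obj.ShortFormat("abc");',
    "long literal": 'obj.ShortFormat("' + "A" * 4000 + '");',
    "dynamic value": 'var s = pad(4000); obj.ShortFormat(s);',
    "paren in literal": 'obj.ShortFormat("a)b");',
}

if __name__ == "__main__":
    for name, script in SAMPLES.items():
        print(f"{name}: {classify(script)}")
```

A static check like this only sizes literal arguments; a string assembled at run time yields "review", which is why such calls need inspection at the point where the control is actually invoked.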

Affected

  • AskJeeves Toolbar
