Vulnerability in Toolbar Deemed Serious

A new report spells doom for, a search engine that is 11 years old and a name in the global search business, where the likes of Google, Yahoo and MSN hold sway.

Security advisories have reported a vulnerability in's toolbar for Internet Explorer (IE) that may allow an attacker to take control of a user's computer.

An advisory posted by security vendor Secunia ApS attributes the vulnerability to a boundary error in askBar.dll (the AskJeevesToolBar.SettingsPlugin.1 ActiveX control) when handling the "ShortFormat" property, and rates the flaw as severely critical, the second most dangerous rating. Assigning an overly long string of 500 bytes to the affected property can be exploited to cause a stack-based buffer overflow.

Successful exploitation allows arbitrary code to be executed. The vulnerability is confirmed in version 4.0.2; other versions may also be affected.

An individual by the name of Joey Mengele is reported to have discovered the flaw. Proof-of-concept exploit code for the flaw had been posted publicly on some other disclosure forums.

Located below the address bar, the toolbar can run searches by category, including weather details, stock quotes, personal desktop searches and regular Web searches.

WabiSabiLabi, a Swiss company specializing in vulnerability information, was continuing its auction of the toolbar flaw for as low as €500 ($705), with no bids listed, as of the afternoon of 25 September 2007 local time.

The auction has troubled security analysts, who believe that companies ought to be discreetly informed of vulnerabilities so that they can patch the software and protect users from the danger. The company maintains that security researchers must be rewarded for their efforts.

TechWhack quoted Nicholas Graham, Vice-President and Spokesperson for, as saying that takes security matters very seriously. They were informed of the buffer overflow matter in the IE toolbar of, and had worked hard to fix it. On 26 September 2007, they released a fix for the flaw, and all users of the toolbar were automatically informed of the update. In addition, they posted information online through the FAQ site of their IE toolbar, informing toolbar users about the issue and the fix. No exploits had occurred again.


» SPAMfighter News - 15-10-2007
