Critical vulnerability found in Ask.com toolbar for IE

A vulnerability in Ask.com's toolbar for Internet Explorer could allow an attacker to take control of a person's computer, according to security advisories. The problem concerns a buffer overflow flaw in the toolbar and involves an ActiveX control, according to an advisory posted by security vendor Secunia APS, which rated the problem as "highly critical," […]

A vulnerability in Ask.com's toolbar for Internet Explorer could allow an attacker to take control of a person's computer, according to security advisories.

The problem concerns a buffer overflow flaw in the toolbar and involves an ActiveX control, according to an advisory posted by security vendor Secunia APS, which rated the problem as "highly critical," its second most severe rating. It affects version 4.0.2 of the toolbar and possibly others.

Proof-of-concept exploit code for the vulnerability has been publicly posted on other disclosure forums, with a person named "Joey Mengele" credited with finding the flaw. Ask.com officials contacted in London were not immediately able to comment.

The Ask.com toolbar sits below the address bar and can perform a variety of category-specific searches, such as weather information, stock quotes, or search a person's desktop as well as regular Web searching.

As of Tuesday afternoon local time, WabiSabi Labi, a Swiss company that specializes in selling vulnerability information, was still auctioning the Ask.com toolbar problem for minimum of €500 ($705), although no bids were listed.

WabiSabi Labi's auctioning of security vulnerabilities has caused a stir among security analysts who believe software companies should be discreetly notified of vulnerabilities and allowed to patch the software so as to not put users in danger. The company maintains security researchers should be rewarded for their work.

Vulnerability, Flaw, Bug, Exploit, Ask.com, Toolbar, IE, Internet Explorer, Buffer overflow, ActiveX

Source:→ InfoWorld