Lucene search

[email protected]CVE-2007-5107

HistorySep 26, 2007 - 11:17 p.m.

CVE-2007-5107

2007-09-2623:17:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-5107

askjeevestoolbar

buffer overflow

activex

ask.com

ask toolbar

iac search & media

code execution

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.923 High

EPSS

Percentile

99.0%

JSON

Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.

Affected configurations

NVD

Node

ask.comask_toolbarRange≤4.0.2.53

CPENameOperatorVersion
ask.com:ask_toolbarask.com ask toolbarle4.0.2.53

CPE	Name	Operator	Version
ask.com:ask_toolbar	ask.com ask toolbar	le	4.0.2.53

References

secunia.com/advisories/26960

www.foxitsoftware.com/pdf/reader/security.htm

www.securityfocus.com/archive/1/480459/100/0/threaded

www.securityfocus.com/bid/25785

www.vupen.com/english/advisories/2007/3265

exchange.xforce.ibmcloud.com/vulnerabilities/36757

www.exploit-db.com/exploits/4452

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.923 High

EPSS

Percentile

99.0%

JSON

Related for CVE-2007-5107

cve1 prion2 cvelist2 nvd2 checkpoint_advisories1 nessus1 packetstorm1