Ask.com says they've fixed a critical bug in their toolbar, discovered by Joey Mengele and reported earlier this week.
It's a pretty serious stack overflow bug, according to Secunia:
The vulnerability is caused due to a boundary error in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control (askBar.dll) when handling the "ShortFormat" property. This can be exploited to cause a stack-based buffer overflow by assigning an overly long (greater than 500 bytes) string to the affected property.
Successful exploitation allows execution of arbitrary code.
Proof of concept code for this bug is still being offered on the WabiSabiLabi marketplace as I write this, but it doesn't look like there have been any takers. In fact, I don't see any bids for the 16 bugs being auctioned on the site. Is anyone actually paying for this stuff?
Here's the statement from their spokesman:
"Ask.com takes security very seriously. We were notified of a buffer overflow issue in the Ask.com IE toolbar, and worked aggressively to resolve it. On Wednesday, we released the fix, and all Ask.com toolbar users were automatically notified of the update. In addition, we posted information online via our IE toolbar FAQ site that informed Ask.com toolbar users of the issue and the resolution. Again, no exploits were known to have occurred."
- Nicholas Graham, Spokesperson, Ask.com
"Ask.com Fixes Toolbar Flaw" Comments