Critical hole in Ask.com search engine toolbar


According to reports, the toolbar (askBar.dll) of the Ask.com search engine contains a critical security hole, which can be exploited to gain control over a Windows PC if the victim surfs the web with administration privileges. Merely visiting a manipulated web site might be the only requirement for falling victim to a successful attack. Now a public exploit has been made available.

The first information on the hole was offered on WabiSabiLabi, an auction platform where vulnerabilities and exploits can be traded, but soon detailed information and an exploit were published on Bugtraq, and so the auction is now redundant. For some weeks, opponents of the exploit marketplace have published information and exploits on traded holes free of charge. heise Security - News - Critical hole in Ask.com search engine toolbar

Linked by shanmuga Sunday, 30th September 2007 1:47AM