Update Protection against Yahoo! Toolbar URL Shortcut ActiveX Control Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2008-008 | |
| Date Published: | ||
| Severity: | ||
| Source: | ISS X-Force Databse: 39155 | |
| Industry Reference(s): | CVE-2007-6535 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Yahoo! Yahoo! Toolbar 1.4.1 and prior Yahoo! Widgets 4.5.1 and prior Yahoo! Messenger 8.1.0.421 and prior | ||
| Vulnerability Description A buffer overflow vulnerability was reported in Yahoo! Toolbar. Yahoo! Toolbar is a pop-up blocker for Firefox and Internet Explorer that allows instant access to several Yahoo! features. By convincing a user to visit a specially crafted web page, a remote attacker may trigger this vulnerability to execute arbitrary code on an affected system. |
||
|
Vulnerability Details This vulnerability is due to boundary errors in the Yahoo! Toolbar YShortcut ActiveX Control. To trigger this issue, an attacker may create a malicious web page that will exploit the ActiveX Control flaws. Successful exploitation may allow execution of arbitrary code on the vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the vulnerability in the ActiveX Control. Depending on the traffic mix, activating this protection may result in performance degradation.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.