CVE-2007-5108

Ask.com Toolbar - Unspecified Remote Vulnerability

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5108. PoCs published by Joey Mengele.

AI-analyzed exploit summary: This exploit leverages a heap spray technique to trigger a buffer overflow in the AskJeevesToolBar ActiveX control, leading to arbitrary code execution. The shellcode launches the system calculator as a demonstration.

Description

Unspecified vulnerability in IAC Search & Media ask.com toolbar has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. NOTE: this might be the same issue as CVE-2007-5107.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Joey Mengele · html · remote · windows
https://www.exploit-db.com/exploits/4452

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: AskJeevesToolBar.SettingsPlugin.1
No auth needed
Prerequisites: Victim must visit a malicious webpage · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/480459/100/0/threaded

Scores

EPSS 0.0250
EPSS Percentile 82.6%

Details

Status published
Products (1)
ask.com/ask_toolbar
Published Sep 26, 2007
Tracked Since Feb 18, 2026