Yahoo! Toolbar YShortcut.dll ActiveX control remote buffer overflow vulnerability

Dec 21, 2007 08:21 GMT  ·  By

Following the reports concerning a security flaw in Google Toolbar, a new vulnerability has been disclosed in Yahoo Toolbar, the browser add-on produced by the Sunnyvale company. The YShortcut.dll ActiveX control remote buffer overflow vulnerability affects only the 1.4.1 release of Yahoo Toolbar, but other versions might be vulnerable as well, SecurityFocus wrote in an advisory published today. No exploitation has been reported yet, and no solution is available at this time, but we expect a patch to fix the flaw soon.

"YShortcut is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input", SecurityFocus wrote in the notification published today. "An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions."
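Until a patch is available, the standard interim mitigation for a vulnerable ActiveX control is to set its Internet Explorer "kill bit" so the browser refuses to instantiate it. The script below is an added example, not part of the advisory or Yahoo's own tooling; the CLSID it uses is a placeholder, because the article does not give the control's real CLSID.

```powershell
# Added example: set and verify the IE kill bit for an ActiveX control.
# The CLSID is a PLACEHOLDER (assumption): the real YShortcut.dll CLSID is not
# in the article and must come from the vendor advisory or the registered
# control itself. Run from an elevated PowerShell prompt.
$Clsid = '{00000000-0000-0000-0000-000000000000}'   # placeholder CLSID

# 0x400 in "Compatibility Flags" tells Internet Explorer never to load the control.
$KillBit = 0x400
$BaseKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
# On 64-bit Windows, 32-bit IE reads the Wow6432Node hive as well.
$BaseKeyWow = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid, [Parameter(Mandatory)][string]$Base)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Preserve any flags already present and OR in the kill bit ([int]$null is 0).
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$current) -bor $KillBit
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
}

function Test-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid, [Parameter(Mandatory)][string]$Base)
    $key = Join-Path $Base $Clsid
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
}

foreach ($base in @($BaseKey, $BaseKeyWow)) {
    if (Test-Path (Split-Path $base -Parent)) {
        Set-ActiveXKillBit -Clsid $Clsid -Base $base
        if (Test-ActiveXKillBit -Clsid $Clsid -Base $base) {
            Write-Output "Kill bit set under $base"
        } else {
            Write-Warning "Kill bit NOT set under $base"
        }
    }
}
```

The kill bit only blocks instantiation by Internet Explorer and other hosts that honour it; the DLL itself stays on disk until the vendor patch replaces it.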

Yahoo Toolbar is a browser add-on available for both Internet Explorer and Mozilla Firefox users, and it adds several utilities to these popular web browsers. For example, the Yahoo application comes with a pop-up blocker, a search box, a bookmark utility, a spyware-removal tool and built-in anti-spyware technology. In addition, Yahoo Toolbar incorporates shortcuts for faster access to Yahoo's services, including email, search and maps.

Yahoo Toolbar is pretty popular among Internet users, as it recorded no less than 37,437 downloads on Softpedia for the Internet Explorer version. The Firefox flavor brought only 11,699 hits. Google Toolbar is even more popular, as it recorded 56,822 downloads, while its Firefox version attracted 8,188 users.

Just like the Google release, Yahoo Toolbar comes with several customization options, which allow users to add new content and organize it through a simple interface. In addition, the IE version comes with tab navigation, which is a pretty useful function, especially for users of older versions of the browser.