14 DAY TRIAL // Following the recent reports sustaining that Ask.com's Toolbar contains a security flaw which might enhance hackers' attacks, the parent company struggled to discover and patch the security hole in no time. Ask.com proudly announced today that its toolbar was patched and you're now protected if you use it in your browser. Secunia rated the flaw as highly critical, sustaining that "the vulnerability is caused due to a boundary error in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control (askBar.dll) when handling the "ShortFormat" property. This can be exploited to cause a stack-based buffer overflow by assigning an overly long (greater than 500 bytes) string to the affected property."
A few days ago, there was no easy solution to avoid successful exploitations of the flaw but now all you need to do is to update your application to the latest version. According to the parent company and developer of the toolbar, there was no attack reported so I guess the hackers didn't try to exploit the security flaw.
"Ask.com takes security very seriously. We were notified of a buffer overflow issue in the Ask.com IE toolbar, and worked aggressively to resolve it. On Wednesday, we released the fix, and all Ask.com toolbar users were automatically notified of the update. In addition, we posted information online via our IE toolbar FAQ site that informed Ask.com toolbar users of the issue and the resolution. Again, no exploits were known to have occurred," Nicholas Graham, Spokesperson, Ask.com, said for the folks from PC World.
In case you don't know, the Ask.com toolbar is a pretty nice browser add-on which can improve your browsing experience if you really need one-click access to the company technologies. Just like the competitors' toolbars, Google and Yahoo, Ask.com's product allows you to access the company's technologies in a matter of seconds.