Remote Code Execution Vulnerability in Baidu Soba Search Bar by Baidu
CVE-2007-4105

Currently unrated

Key Information:

Vendor: Baidu
Status: Soba Search Bar
Vendor: CVE Published:; 31 July 2007

What is CVE-2007-4105?

The Baidu Soba Search Bar version 5.4 contains an ActiveX control vulnerability within the BaiduBar.dll file. This flaw allows remote attackers to execute arbitrary code on the user's machine by crafting a malicious request that includes a link to download an executable file. Proper sanitation of user input and download requests is imperative to mitigate the risk associated with this vulnerability.

References

http://www.securityfocus.com/archive/1/475320/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/26256

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/35692

vdb-entryx_refsource_XF

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2007
Vulnerability Reserved
Jul 31, 2007