A remote code execution vulnerability exists in Baidu Soba's ActiveX control "BaiduBar.dll". An attacker can execute arbitrary code on the affected system by exploiting this vulnerability.
- Baidu Soba 5.4
A remote attacker could construct a malicious request for the Baidu Soba Search Bar that includes a link to download and a file to execute. This would result in the execution of arbitrary code and allow full control of the affected system.
This vulnerability is due to improper sanitization of remotely supplied data.
- Users of Baidu Soba Search Bar should apply the vendor-supplied updates.
- Fortinet Global Security Research Team