Fortinet Global Security Research Team Discovers A Vulnerability Affecting Baidu Soba Search Bar.

Summary:

A remote code execution vulnerability exist in Baidu Soba's ActiveX Control "BaiduBar.dll". An attacker can execute arbitrary code on the affected system by exploiting this vulnerability.

Risk:

  • Critical

Affected Software:

  • Baidu Soba 5.4

Additional Information:

A remote attacker could construct a malicious request for the Baidu Soba Search Bar, including a link to download and a file to execute. This would result in the execution of abitrary code and allow full control of the affected system.

This vulnerability is due to improper sanitization of remotely supplied data.

Solution:

  • Users of Baidu Soba Search Bar should apply the vendor supplied updates.

Credits:

  • Fortinet Global Security Research Team

References: