Vulnerabilities > CVE-2007-4105 - Remote Code Execution vulnerability in Baidu Soba Search BAR 5.4

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
baidu
critical
exploit available

Summary

A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.

Vulnerable Configurations

Part Description Count
Application
Baidu
1

Exploit-Db

descriptionBaidu Soba Search Bar 5.4 BaiduBar.DLL ActiveX Control Remote Code Execution Vulnerability. CVE-2007-4105. Remote exploit for windows platform
idEDB-ID:30431
last seen2016-02-03
modified2007-07-29
published2007-07-29
reportercocoruder
sourcehttps://www.exploit-db.com/download/30431/
titleBaidu Soba Search Bar 5.4 BaiduBar.DLL ActiveX Control Remote Code Execution Vulnerability