Description: Two vulnerabilities were reported in the AtHoc Toolbar plug-in for Microsoft Internet Explorer. A remote user can execute arbitrary code.

NGSSoftware reported that there is a buffer overflow and a format string flaw in the toolbar software. A remote user can execute arbitrary code on the target user's system with the privileges of the target user.

The affected software is distributed by eBay, Accenture, ThomasRegister, ThomasRegional, Juniper Networks, WiredNews, CarFax, and Agile PLM.

Additional details will not be disclosed by NGSSoftware until January 2005.

Impact: A remote user can execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
Solution: The vendor has released a fixed version.

http://www.securitytracker.com/alerts/2004/Oct/1011554.html