Yahoo Toolbar Internet Explorer 6 Policy Bypass
TSL ID: FSC20100726-06
CVE ID(s): Not available.
Severity: Moderate
Description

A policy bypass may occur when Yahoo! Toolbar is installed on a Windows host. Specifically, installing Yahoo! Toolbar changes the security context of Internet Explorer 6 in a way that allows a remote web page to execute the "Run" method of the "WScript.Shell" object.

Remote attackers can leverage this to execute arbitrary commands on the target host by enticing the target user to open a crafted HTML page. The commands would run within the security context of the logged-in user.

Affected Products
  • Yahoo! Messenger 10.x and prior
  • Yahoo! Toolbar 2.1 and possibly prior
  • Yahoo! Widgets 4.5 and prior
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.5 (E:POC/RL:U/RC:UC):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is UNAVAILABLE
  • The report confidence level of this vulnerability is UNCONFIRMED