X
Tech
Home Tech Security

Critical ActiveX flaw haunts LinkedIn toolbar

Exploit code for an "extremely critical" LinkedIn Toolbar vulnerability has been posted on the Internet, putting users at risk of PC takeover attacks.
Written by Ryan Naraine, Contributor
The flaw, which is not yet patched, was discovered by researchers at VDA Labs. A proof-of-concept demo has been released to show how a PC can be hijacked if a LinkedIn toolbar user is lured to a booby-trapped Web site.

The toolbar is marketed by the social network site to let users search LinkedIn directly from the browser and is available for both Internet Explorer and Firefox.

The vulnerability only affects IE versions of the toolbar.

A Secunia advisory offers details of the bug:

The vulnerability is caused due to an error within the IEToolbar.IEContextMenu.1 (LinkedInIEToolbar.dll) when handling the "Search()" method, which takes in a VARIANT as the "varBrowser" argument. This can be exploited to execute arbitrary code when a user visits a malicious website. The vulnerability is confirmed in version 3.0.2.1098. Other versions may also be affected.

In the absence of a patch, Secunia recommends setting the kill-bit for the affected ActiveX control. Or, better yet, uninstall the LinkedIn Toolbar.

Editorial standards
Show Comments

Related

logi-ai-prompt-builder-mx-setup

Logitech mouse and keyboard users are getting a free AI upgrade

Placeholder product image alt text

The best AI image generators to try right now

GOTRAX 4 electric scooter

The most charming projector I've tested has now replaced my TV for movie nights