Critical ActiveX flaw haunts LinkedIn toolbar
The social network site markets the toolbar as a way to search LinkedIn directly from the browser, and it is available for both Internet Explorer and Firefox.
The vulnerability affects only the IE version of the toolbar.
A Secunia advisory offers details of the bug:
The vulnerability is caused due to an error within the IEToolbar.IEContextMenu.1 (LinkedInIEToolbar.dll) when handling the "Search()" method, which takes in a VARIANT as the "varBrowser" argument. This can be exploited to execute arbitrary code when a user visits a malicious website. The vulnerability is confirmed in version 3.0.2.1098. Other versions may also be affected.
In the absence of a patch, Secunia recommends setting the kill-bit for the affected ActiveX control or, better yet, uninstalling the LinkedIn Toolbar.
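One way to apply the kill-bit mitigation is sketched below. This is an added example, not code from Secunia or LinkedIn. The advisory names only the ProgID and gives no CLSID, so the script resolves the CLSID from the local registry and then sets the 0x400 bit in the control's "Compatibility Flags" value. The function names are hypothetical, and it assumes an elevated 64-bit PowerShell session.

```powershell
# Added example: set the Internet Explorer kill bit for the control in the advisory.
param(
    [string]$ProgId = 'IEToolbar.IEContextMenu.1'   # ProgID quoted in the Secunia advisory
)

$KillBit = 0x00000400   # "Compatibility Flags" bit that stops IE instantiating the control

function Resolve-ClsidFromProgId {
    param([string]$Name)
    # HKCR\<ProgID>\CLSID holds the class ID in its default value.
    $key = Get-Item -Path "Registry::HKEY_CLASSES_ROOT\$Name\CLSID" -ErrorAction SilentlyContinue
    if (-not $key) { return $null }
    $clsid = [string]$key.GetValue('')
    # Accept only a well-formed {GUID} so nothing unexpected is written below.
    if ($clsid -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { return $clsid }
    return $null
}

function Set-ActiveXKillBit {
    param([string]$Clsid)
    # Native view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }   # e.g. no Wow6432Node on 32-bit Windows
        $path = Join-Path $root $Clsid
        if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
        # Preserve any flags already present and OR in the kill bit.
        $current = (Get-ItemProperty -Path $path -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$current) -bor $KillBit
        Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value $new -Type DWord
        Write-Output ("{0}: Compatibility Flags = 0x{1:X8}" -f $path, $new)
    }
}

$clsid = Resolve-ClsidFromProgId -Name $ProgId
if ($clsid) {
    Set-ActiveXKillBit -Clsid $clsid
} else {
    Write-Warning "ProgID '$ProgId' is not registered here; the control does not appear to be installed."
}
```

The kill bit only stops Internet Explorer from loading the control; the DLL stays on disk until the toolbar is uninstalled.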