Security Bytes

Jul 24 2007   7:45AM GMT

Popular LinkedIn toolbar mired by critical flaw

Robert Westervelt


Security researchers have discovered a flaw in a toolbar issued by the popular business networking site LinkedIn that could allow an attacker to conduct a denial of service attack or take complete control of an affected system.

The LinkedIn toolbar is used in conjunction with Microsoft Internet Explorer to conduct a search for contacts and connect users to the LinkedIn network.

Danish vulnerability clearinghouse Secunia rated the flaw “highly critical” in its SA26181 advisory because attackers can exploit the flaw remotely. Working exploit code is publicly available and the flaw remains unpatched, Secunia said.

According to the researchers who discovered the flaw, Jared DeMott and Justin Seitz of Rockford, Mich.-based VDA Labs, the flaw can be easily exploited.

“If a user, with the LinkedIn toolbar installed, is tricked into browsing a website that contains the above code — game over,” the researchers said in their advisory.

The French Security Incident Response Team (FrSIRT) said the issue is caused by a buffer overflow error in the toolbar ActiveX control when processing malformed arguments passed to the “search()” method.

The research firms said users can set the kill-bit for the affected ActiveX control as a temporary workaround until a patch is released.
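
The kill-bit workaround mentioned above, as an added example that is not part of the original article or either advisory: a PowerShell script that sets the kill bit for one ActiveX control in both the native and 32-bit registry views and reads it back. The CLSID shown is a placeholder because the article does not give the control's CLSID, and the function name `Set-KillBit` is hypothetical; run it from an elevated prompt.

```powershell
# Added example: set and verify the Internet Explorer kill bit for one ActiveX control.
# The default CLSID is a PLACEHOLDER; take the real one from the vendor or advisory.
param(
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}'
)

$KillBit   = 0x400                # bit in "Compatibility Flags" that blocks instantiation in IE
$ValueName = 'Compatibility Flags'
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit view, used by 32-bit IE on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Refuse anything that is not a well-formed, brace-wrapped GUID.
if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "Not a valid CLSID: $Clsid"
}

function Set-KillBit {            # hypothetical helper name
    param([string]$Root, [string]$Clsid)

    $key = "$Root\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve any flags already present and OR in the kill bit.
    $existing = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
    $current  = if ($existing) { [int]$existing.$ValueName } else { 0 }
    $new      = $current -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord -Value $new -Force | Out-Null

    # Read the value back so the result reflects what is actually in the registry.
    $check = [int](Get-ItemProperty -LiteralPath $key -Name $ValueName).$ValueName
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $check
        KillBitSet = (($check -band $KillBit) -eq $KillBit)
    }
}

foreach ($root in $Roots) {
    # The Wow6432Node branch does not exist on 32-bit Windows; skip it there.
    if (Test-Path -LiteralPath (Split-Path $root -Parent)) {
        Set-KillBit -Root $root -Clsid $Clsid
    }
}
```

The kill bit only stops Internet Explorer from loading the control; it does not remove the vulnerable file, so the toolbar still needs the vendor's patch once one is released.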
