Critical hole in a toolbar from LinkedIn
Users of LinkedIn, a social networking site, could be exposing their PCs to Trojans if the LinkedIn toolbar for Internet Explorer is installed on their systems. While security service provider VDALabs, who has detected this vulnerability, has only published a rather short advisory, a demo is provided to reveal the problem with the toolbar. When tested heise Security, the exploit only launched the Windows calculator before crashing the browser. Changing the shell code would, however, allow attackers to inject a Trojan or open a backdoor.
The problem is caused by a buffer overflow in the search functionality of the ActiveX control (LinkedInIEToolbar.dll). The vulnerability affects the current version 220.127.116.118. Prior versions may also be affected. No update has been released yet. VDALabs provides no information on whether LinkedIn, which claims to have 12 million users worldwide, has been notified of the problem. Users are advised to set the kill bit for the control (CLSID 0F2437D6-C4E4-42CA-A906-F506E09354B7) as a workaround so it cannot be loaded by a web page or to simply uninstall the toolbar. Disabling the control through the "Manage Add-ons" option does not provide any protection, since this does not prevent web pages from reloading the control at a later point in time.
- LinkedIn Toolbar Remote (Client side) Exploit, security advisory by VDALabs