
Popular LinkedIn toolbar mired by critical flaw

Security researchers have discovered a flaw in a toolbar issued by the popular business networking site LinkedIn that could allow an attacker to conduct a denial of service attack or take complete control of an affected system.

The LinkedIn toolbar is used in conjunction with Microsoft Internet Explorer to conduct a search for contacts and connect users to the LinkedIn network.

Danish vulnerability clearinghouse Secunia rated the flaw “highly critical” in its SA26181 advisory because attackers can exploit it remotely. Working exploit code is publicly available and the flaw remains unpatched, Secunia said.

According to Jared DeMott and Justin Seitz of Rockford, Mich.-based VDA Labs, the researchers who discovered the flaw, it can be easily exploited.

“If a user, with the LinkedIn toolbar installed, is tricked into browsing a website that contains the above code — game over,” the researchers said in their advisory.

The French Security Incident Response Team (FrSIRT) said the issue is caused by a buffer overflow error in the toolbar ActiveX control when processing malformed arguments passed to the “search()” method.

The research firms said users can set the kill-bit for the affected ActiveX control as a temporary workaround until a patch is released.
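The kill-bit workaround described above, as an added PowerShell example that is not taken from the article or the advisories. The CLSID is a placeholder because the article does not give the control's class ID; the function names are hypothetical, and setting the value requires an elevated session.

```powershell
# Added example: set and audit the Internet Explorer kill-bit for an ActiveX control.
$KillBit  = 0x400   # bit in "Compatibility Flags" that stops IE instantiating the control
$BaseKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads its own registry view
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)
$ClsidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Get-CompatFlags {
    param([string]$KeyPath)
    $p = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.'Compatibility Flags'
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    if ($Clsid -notmatch $ClsidPattern) { throw "Not a braced CLSID: $Clsid" }
    foreach ($base in $BaseKeys) {
        # Skip a registry view that does not exist (e.g. WOW6432Node on 32-bit Windows)
        if (-not (Test-Path -LiteralPath (Split-Path $base -Parent))) { continue }
        $key = Join-Path $base $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so any flags already set for this control are preserved
        $flags = (Get-CompatFlags $key) -bor $KillBit
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $flags -Type DWord
    }
}

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($base in $BaseKeys) {
        $flags = Get-CompatFlags (Join-Path $base $Clsid)
        [pscustomobject]@{
            View       = $base
            Flags      = '0x{0:X}' -f $flags
            KillBitSet = [bool]($flags -band $KillBit)
        }
    }
}

# Placeholder CLSID: substitute the class ID published in the vendor or Secunia advisory.
$ToolbarClsid = '{00000000-0000-0000-0000-000000000000}'
# Set-KillBit -Clsid $ToolbarClsid      # uncomment to apply (elevated prompt)
Test-KillBit -Clsid $ToolbarClsid | Format-Table -AutoSize
```

Both registry views need the flag, since a 32-bit Internet Explorer process on 64-bit Windows consults only the WOW6432Node copy.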
