LinkedIn IE toolbar security bug uncovered
By Arnold Zafra
With the popularity of social networking sites continuing to increase, they have become the target of online predators and criminals. Now VDA Labs researchers have found a vulnerability in the LinkedIn IE toolbar, version 3.x.
While the proof-of-concept code posted by researchers Jared DeMott and Justin Seitz on the VDA Labs website will not compromise a user’s system, security research firm Secunia classified the LinkedIn IE Toolbar security flaw as extremely critical.
The vulnerability is caused by an error in the IEToolbar.IEContextMenu.1 ActiveX control (LinkedInIEToolbar.dll) when it handles the “Search()” method, which takes a VARIANT as the “varBrowser” argument.
As a result, when a user visits a malicious website, attackers can exploit the user’s system through this security hole.
To block this security vulnerability, Secunia suggests setting the “kill-bit” for the affected ActiveX control, but PC World’s Stuart Johnston cautions that doing so entails editing the Windows Registry. If this is done incorrectly, users might damage the Windows installation and a reinstallation might be needed.
So, if you are an IE user who has installed the LinkedIn Toolbar, it is best to disable it now until a patch is released.
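The kill-bit mitigation mentioned above can be scripted instead of edited by hand, which avoids the registry typos the caution is about. The following is an added example, not code from Secunia, LinkedIn or VDA Labs: the ProgID is the one named in this article, the CLSID is looked up on the local machine rather than assumed, the `Compatibility Flags` value 0x400 is Microsoft's documented kill-bit setting, and the function names are hypothetical.

```powershell
# Added example: set the IE kill bit for the control named in the article.
# Run from an elevated PowerShell prompt. The ProgID comes from the article;
# the CLSID is read from the local registry, not hard-coded.
$ProgId  = 'IEToolbar.IEContextMenu.1'
$KillBit = 0x400   # kill-bit flag: IE refuses to instantiate the control

function Get-ClsidFromProgId {
    param([string]$Id)
    $key = "Registry::HKEY_CLASSES_ROOT\$Id\CLSID"
    if (-not (Test-Path -Path $key)) { return $null }
    # The key's default value holds the CLSID string, e.g. {xxxxxxxx-...}
    return (Get-Item -Path $key).GetValue('')
}

function Set-KillBit {
    param([string]$Clsid)
    # 32-bit IE on 64-bit Windows reads the WOW6432Node view, so cover both.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Preserve any flags already set and OR in the kill bit.
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
        $flags = ([int]$current) -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
        "{0}: Compatibility Flags = 0x{1:X}" -f $key, $flags
    }
}

$clsid = Get-ClsidFromProgId $ProgId
if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') {
    # Toolbar not installed (or already removed): no key is created.
    Write-Warning "$ProgId is not registered on this machine; nothing to do."
} else {
    Set-KillBit $clsid
}
```

Restart Internet Explorer afterwards so the flag is picked up; deleting the `Compatibility Flags` value under the same key reverses the change once a fixed toolbar is installed.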

July 26th, 2007
Hi Arnold,
I’m the Community Evangelist at LinkedIn. We just rolled out a fix that was pushed out to all IE Toolbar users. The fix is forced upon users, else the toolbar shuts down.