One thing that the security wonks seem to enjoy is the site LinkedIn. This is a networking site for professionals of various disciplines and security folks seem to gravitate to this one a fair bit. As a result, I figured it would be prudent to point to this security vulnerability from Secunia this morning with LinkedIn’s IE ActiveX control. It’s broken…badly.
From Secunia:
Description:
Jared DeMott and Justin Seitz have discovered a vulnerability in LinkedIn Internet Explorer Toolbar, which can be exploited by malicious people to compromise a user’s system.The vulnerability is caused due to an error within the IEToolbar.IEContextMenu.1 (LinkedInIEToolbar.dll) when handling the “Search()” method, which takes in a VARIANT as the “varBrowser” argument. This can be exploited to execute arbitrary code when a user e.g. visits a malicious website.
The vulnerability is confirmed in version 3.0.2.1098. Other versions may also be affected.
NOTE: Working exploit code is publicly available.
Solution:
Set the kill-bit for the affected ActiveX control.
[tags]LinkedIn, IE Toolbar, ActiveX Vulnerability[/tags]