Jared DeMott and Justin Seitz have discovered a vulnerability in LinkedIn Internet Explorer Toolbar, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error within the IEToolbar.IEContextMenu.1 (LinkedInIEToolbar.dll) when handling the "Search()" method, which takes in a VARIANT as the "varBrowser" argument. This can be exploited to execute arbitrary code when a user e.g. visits a malicious website.
The vulnerability is confirmed in version 3.0.2.1098. Other versions may also be affected.
NOTE: Working exploit code is publicly available.
Solution:
Set the kill-bit for the affected ActiveX control.
Provided and/or discovered by:
Jared DeMott and Justin Seitz, VDA Labs
Original Advisory:
http://www.vdalabs.com/tools/linkedin.html
---------------------------------
Now that is Professional Pwnage (pun intended).
No comments:
Post a Comment