Post Thu Jul 26, 2007 2:49 pm

LinkedIn Toolbar Remote (Client side) Exploit
----------------------------------------------------
Version: 3.0.2.1098 (LinkedInIEToolbar.dll)

How to Exploit
-----------------

If a user, with the LinkedIn toolbar installed, is tricked into browsing a website that contains the above code -- game over. However, this Proof of Concept (PoC) code merely pops up the calc.exe application. The PoC was tested on XPSP2. Reliability was not tweaked as this is just a proof.

Discovered and Exploited By
--------------------------------
Jared DeMott and Justin Seitz, VDA Labs


For original posting and exploit code:
http://www.vdalabs.com/tools/linkedin.html

Of course you don't have to stop using LinkedIn. You could simply disable or uninstall the toolbar. As they say, sometimes the best fix is the simplest one.

Kind of like... Doctor it hurts when I lift my arm like this, and the doctor says, then don't lift your arm like that.  :D

Don
CISSP, MCSE, CSTA, Security+ SME