Post Thu Jul 26, 2007 2:49 pm

LinkedIn Toolbar Remote (Client side) Exploit

Version: (LinkedInIEToolbar.dll)
How to Exploit

If a user with the LinkedIn toolbar installed is tricked into browsing a website that contains the above code -- game over. However, this Proof of Concept (PoC) code merely pops up the calc.exe application. The PoC was tested on XP SP2. Reliability was not tweaked as this is just a proof.

Discovered and Exploited By
Jared DeMott and Justin Seitz, VDA Labs

For original posting and exploit code:

Of course you don't have to stop using LinkedIn. You could simply disable or uninstall the toolbar. As they say, sometimes the best fix is the simplest one.

Kind of like... "Doctor, it hurts when I lift my arm like this," and the doctor says, "Then don't lift your arm like that." :D