Proof-of-concept for LinkedIn Toolbar Flaw (PC World)
Social networking sites are all the rage these days. So it's no surprise that researchers and other hackers have been hard at work looking for ways to exploit weaknesses in popular social networking software that could be used to nefarious ends.
For instance, the folks at VDA Labs – short for Vulnerability Discovery and Analysis Labs – have found a security hole in the LinkedIn Internet Explorer Toolbar version 3.x that could be exploited to completely compromise your system.
A little background: As software developers have repeatedly patched lower-level software such as Windows and browsers, which have been common avenues of attack for the past several years, hackers have moved up the "stack" to hunt for holes in things like browser add-ins and other applications. Frequently, this is done with the aid of automated tools for locating a lot of potential holes at once – tools called "fuzzers."
In fact, VDA Labs' developers are fuzzer specialists. They have found a way to use an ActiveX control – an add-in program for IE – that is part of the toolbar to breach your system security and do whatever the attacker wants. All you have to do is click on a malicious link.
VDA Labs has published a proof-of-concept exploit on their site that does not compromise your PC. But it does demonstrate the vulnerability by loading the Windows Calc.exe calculator accessory application.
Security research firm Secunia rates the bug as extremely critical. But here's the rub: the vendor hasn't yet posted a patch for the problem.
There is a short-term solution to block the vulnerability, but it isn't pretty. To do it, you'll need to set the "kill bit" for the affected LinkedIn ActiveX control. And how to do that? Well, it's a process where you have to edit the Windows Registry, which is not for the faint of heart or the klutzy (like me). If you make an error editing the Registry, you could end up in a situation (worst case) where you have to completely reinstall Windows and all of your apps. So be forewarned.
Microsoft does provide instructions as to how to set kill bits, as well as how to edit the Windows Registry. Personally, I'd just rather uninstall the toolbar until there's a patch.
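For readers who would rather script the kill bit than hand-edit the Registry, the following PowerShell is an added example (not from the PC World article, VDA Labs, Secunia or LinkedIn). It backs up the relevant key first, then sets the 0x400 "Compatibility Flags" bit that tells Internet Explorer never to instantiate the control. The CLSID is a placeholder: the article does not give the identifier of the affected toolbar control, so substitute the one from the vendor or Secunia advisory before running this as an administrator.

```powershell
# Added example, not the article's or vendor's code. Sets the ActiveX "kill bit"
# for one control so Internet Explorer refuses to load it. Run as Administrator.

# PLACEHOLDER: the real CLSID of the affected LinkedIn toolbar control is not on
# this page; take it from the advisory and put it here.
$Clsid = '{00000000-0000-0000-0000-000000000000}'

$CompatRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBit    = 0x400   # documented "Compatibility Flags" bit meaning "do not instantiate"

function Backup-ActiveXCompatKey {
    # Export the whole compatibility key before touching it, so a mistake can be
    # undone by double-clicking the .reg file instead of reinstalling Windows.
    param([string]$Path = "$env:TEMP\ActiveXCompatibility-backup.reg")
    reg.exe export 'HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' $Path /y | Out-Null
    return $Path
}

function Test-ControlRegistered {
    # True if the CLSID exists under HKCR, i.e. the control is installed at all.
    param([string]$Clsid)
    return (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid")
}

function Set-ActiveXKillBit {
    # OR the kill bit into any flags already present rather than overwriting them.
    param([string]$Clsid)
    $key = Join-Path $CompatRoot $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    $newValue = [int]$existing -bor $KillBit
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $newValue -Type DWord
    return $newValue
}

function Test-ActiveXKillBit {
    # Verification step: read the value back and check the bit is actually set.
    param([string]$Clsid)
    $key = Join-Path $CompatRoot $Clsid
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return (([int]$flags -band $KillBit) -eq $KillBit)
}

$backup = Backup-ActiveXCompatKey
Write-Host "Registry backup written to $backup"

if (-not (Test-ControlRegistered -Clsid $Clsid)) {
    Write-Host "Control $Clsid is not registered here; setting the kill bit anyway is harmless but unnecessary."
}

$flags = Set-ActiveXKillBit -Clsid $Clsid
if (Test-ActiveXKillBit -Clsid $Clsid) {
    Write-Host ('Kill bit set for {0} (Compatibility Flags = 0x{1:X})' -f $Clsid, $flags)
} else {
    Write-Warning "Kill bit could not be verified for $Clsid; check permissions and the CLSID."
}
```

On 64-bit Windows, the 32-bit Internet Explorer reads the same path under `HKLM:\SOFTWARE\Wow6432Node\...`, so repeat the change there if that is the browser in use. Setting the kill bit only stops IE from instantiating the control; it does not remove the toolbar, which is why uninstalling remains the simpler option until a patched version ships.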