There were no reports of active exploits, he said.
The client-side ActiveX flaw, which garnered Secunia's highest severity rating of "extremely critical," could have allowed an attacker to remotely execute arbitrary code. Users can be exploited when they visit a malicious website. The bug is caused by an error in the toolbar when handling the "Search () method."
One of the discovering researchers, Jared DeMott of Michigan-based VDA Labs, said he and his partner, Justin Seitz, decided to drop the vulnerability "0-day style' after officials at LinkedIn would not pay VDA for consulting fees or to purchase the flaw outright.
"We ultimately really want to protect the end-users," DeMott said in an email to SCMagazine.com on Wednesday. "And if a company won't spend money on security testing, they're not thinking about their end-users...Vendors should be responsible to consider the security of their users."
A spokeswoman for LinkedIn, which has more than 12 million members, said company policy is to not respond to such requests.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
