Vulnerability Note VU#615857
Google Desktop vulnerable to cross-site scripting
A cross-site scripting vulnerability exists in the Google Desktop Search application. This vulnerability may allow an attacker to take any action on a vulnerable system that Google Desktop Search can take.
Google Desktop Search is a desktop search program that is integrated into the Google search engine. Google Desktop Search indexes the user's local hard drive, and allows the results to be searched from a browser.
The Google Desktop Search program contains a cross-site scripting vulnerability in the "under" parameter. This vulnerability occurs because the Google Desktop Search engine fails to properly sanitize user input.
A remote unauthenticated attacker may be able to perform any action that the Google Desktop Search engine is capable of performing. This includes executing programs that are already on a vulnerable system, searching and viewing files, and exfiltrating sensitive data.
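The flaw class described above (a request parameter reflected into a page without sanitization), shown beside an output-encoded version. This is an added example, not Google Desktop's code and not part of the original note. The page template, host name, URLs and function names are assumptions; only the parameter name "under" comes from the note.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Hypothetical results-page template (an assumption, not the product's markup):
# the "under" value is echoed once inside an attribute and once as element text.
TEMPLATE = (
    '<form action="/search">'
    '<input type="hidden" name="under" value="{attr}"></form>\n'
    '<p>Results under: {text}</p>'
)

def get_under(url):
    """Return the first URL-decoded "under" query parameter, or '' if absent."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("under", [""])[0]

def render_vulnerable(url):
    """Reflects the parameter as-is: markup in the value becomes page markup."""
    value = get_under(url)
    return TEMPLATE.format(attr=value, text=value)

def render_hardened(url):
    """Encodes the value for HTML output; quote=True also escapes " and ',
    so the value cannot close the attribute it is placed in."""
    encoded = html.escape(get_under(url), quote=True)
    return TEMPLATE.format(attr=encoded, text=encoded)

# Constructed sample requests (not taken from the advisory).
BENIGN = "http://localhost/search?q=report&under=C%3A%5CDocs"
MARKUP = ("http://localhost/search?q=x"
          "&under=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E")

if __name__ == "__main__":
    for label, url in (("benign", BENIGN), ("markup", MARKUP)):
        print(f"--- {label}: vulnerable ---")
        print(render_vulnerable(url))
        print(f"--- {label}: hardened ---")
        print(render_hardened(url))
```

A value without markup characters renders identically in both versions, so the encoding does not change legitimate results pages.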
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| | Affected | - | 22 Feb 2007 |
Thanks to Yair Amit, Danny Allan, and Adi Sharabani for providing information that was used in this report.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 21 Feb 2007
- Date First Published: 22 Feb 2007
- Date Last Updated: 27 Feb 2007
- Severity Metric: 0.52
- Document Revision: 53