Published: 23/02/2007 Updated: 16/10/2018

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

VMScore: 765

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote malicious users to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google desktop

source: wwwsecurityfocuscom/bid/22650/info Google Desktop is prone to a cross-site scripting weakness because the application fails to properly sanitize user-supplied input Successful attacks must exploit this weakness in conjunction with a latent cross-site scripting vulnerability in the 'googlecom' domain Attackers may leverage thi ...

NVD-CWE-Other http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf http://www.kb.cert.org/vuls/id/615857 http://www.securityfocus.com/bid/22650 http://www.securitytracker.com/id?1017686 http://securityreason.com/securityalert/2301 http://osvdb.org/33483 http://www.securityfocus.com/archive/1/460928/100/0/threaded http://www.securityfocus.com/archive/1/460735/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/29623/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-1085

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect