CVE-2007-1085 Information

Description

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML and possibly gain full access to the system by using an XSS vulnerability in google.com to extract the signature for the internal web server then calling the \under\ parameter in Advanced Search with the proper signature.

Reference

http://osvdb.org/33483 http://securityreason.com/securityalert/2301 http://www.kb.cert.org/vuls/id/615857 http://www.securityfocus.com/archive/1/460735/100/0/threaded http://www.securityfocus.com/archive/1/460928/100/0/threaded http://www.securityfocus.com/bid/22650 http://www.securitytracker.com/id?1017686 http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf