CVE-2007-3150 Information

Description

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript a www.google.com search IFRAME and a META HTTP-EQUIV=\refresh\ that targets a www.google.com search for a local .exe file which is displayed in the \results stored on your computer\ portion of the search results and when clicked invokes Google Desktop to execute this file.

Reference

http://ha.ckers.org/blog/20070531/google-desktop-0day/ http://ha.ckers.org/google-desktop-0day/ http://osvdb.org/40566