|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
Googe Desktop Search contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. It is possible for a remote attacker to create a specially crafted URL, that when loaded by a target user that has Google Desktop Search installed, will execute scripting code which will be executed by the target user's browser. The code will originate from the Google site and will run in the security context of that site. The resulting impact is that the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Hijacking,
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Technical |
Googe Desktop Search contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
|
|
Products |
|
Desktop
 |
All |
|
|
|
|
|
Credit |
- Salvatore Aranzulla - aranzulla2
 cheapnet.it -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
