Cross-site Scripting Vulnerability in Google Desktop by Google
CVE-2007-1085

Currently unrated

Key Information:

Vendor: Google
Status: Desktop
Vendor: CVE Published:; 23 February 2007

What is CVE-2007-1085?

A cross-site scripting (XSS) vulnerability in Google Desktop enables remote attackers to execute arbitrary web scripts or HTML on user systems. This is achieved by exploiting an XSS flaw in google.com that allows attackers to extract the internal web server's signature. By manipulating the 'under' parameter in an Advanced Search, attackers can successfully bypass protective measures, potentially leading to unauthorized access to user systems.

References

http://www.securitytracker.com/id?1017686

vdb-entryx_refsource_SECTRACK

http://www.watchfire.com/resources/Overtaking-Google-Desk...

x_refsource_MISC

http://www.securityfocus.com/archive/1/460735/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2007
Vulnerability Reserved
Feb 22, 2007