CVE-2007-1085

Currently unrated

Key Information:

Vendor: Google
Status: Desktop
Vendor: CVE Published:; 23 February 2007

Summary

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.

References

http://www.securitytracker.com/id?1017686

vdb-entryx_refsource_SECTRACK

http://www.watchfire.com/resources/Overtaking-Google-Desk...

x_refsource_MISC

http://www.securityfocus.com/archive/1/460735/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

3% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 23, 2007
Vulnerability Reserved
Feb 22, 2007

Collectors

NVD DatabaseMitre Database