CVE-2007-3150

Currently unrated

Key Information:

Vendor: Google
Status: Desktop
Vendor: CVE Published:; 11 June 2007

Summary

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.

References

http://osvdb.org/40566

vdb-entryx_refsource_OSVDB

http://ha.ckers.org/blog/20070531/google-desktop-0day/

x_refsource_MISC

http://ha.ckers.org/google-desktop-0day/

x_refsource_MISC

Timeline

Vulnerability published
Jun 11, 2007
Vulnerability Reserved
Jun 11, 2007

Collectors

NVD DatabaseMitre Database