ID CVE-2002-1442
Summary The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
Vulnerable Configurations
  • cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.42:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.43:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.44:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.45:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.47:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.48:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.49:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.53:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.54:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.55:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.56:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.57:*:*:*:*:*:*:*
  • cpe:2.3:a:google:toolbar:1.1.58:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-09-2008 - 20:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 5424
bugtraq 20020808 Exploiting the Google toolbar (GM#001-MC)
misc http://sec.greymagic.com/adv/gm001-mc/
ntbugtraq 20020808 Exploiting the Google toolbar (GM#001-MC)
Last major update 05-09-2008 - 20:30
Published 11-04-2003 - 04:00
Last modified 05-09-2008 - 20:30