ID |
CVE-2002-1442
|
Summary |
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.42:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.42:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.43:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.43:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.44:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.44:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.45:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.45:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.47:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.47:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.48:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.48:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.49:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.49:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.53:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.53:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.54:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.54:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.55:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.55:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.56:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.56:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.57:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.57:*:*:*:*:*:*:*
-
cpe:2.3:a:google:toolbar:1.1.58:*:*:*:*:*:*:*
cpe:2.3:a:google:toolbar:1.1.58:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 05-09-2008 - 20:30) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
|
Last major update |
05-09-2008 - 20:30 |
Published |
11-04-2003 - 04:00 |
Last modified |
05-09-2008 - 20:30 |