CVE-2007-1085 - Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protect

CVE-2007-1085

Summary

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.

References

Vulnerable Configurations

cpe:2.3:a:google:desktop:*:*:*:*:*:*:*:*
cpe:2.3:a:google:desktop:*:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 16-10-2018 - 16:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	22650
bugtraq	20070221 Overtaking Google Desktop 20070222 RE: Overtaking Google Desktop
cert-vn	VU#615857
misc	http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf
osvdb	33483
sectrack	1017686
sreason	2301

Last major update

16-10-2018 - 16:36

Published

23-02-2007 - 03:28

Last modified

16-10-2018 - 16:36