CVE-2007-1085

Sažetak

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.

Reference

http://osvdb.org/33483
http://securityreason.com/securityalert/2301
http://www.kb.cert.org/vuls/id/615857
http://www.securityfocus.com/archive/1/460735/100/0/threaded
http://www.securityfocus.com/archive/1/460928/100/0/threaded
http://www.securityfocus.com/bid/22650
http://www.securitytracker.com/id?1017686
http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf

CVSS

Base:	7.6
Impact:	10.0
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:H/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-10-2018 - 16:36

Objavljeno

23-02-2007 - 03:28