[funsec] Google Desktop Exposed

Richard M. Smith rms at computerbytesman.com
Fri Dec 2 17:53:36 CST 2005


Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to
Phish User Information


It was bound to happen. I was recently intrigued by the possibility of
utilizing Google Desktop for remote data retrieval of personal user data
(such as credit cards and passwords) through the use of a malicious web
page. Now, thanks to a severe design flaw in Internet Explorer, I managed to
show it's possible to covertly run searches on visitors to a web site by
exploiting this vulnerability. In this article I will detail what the
vulnerability in IE is and how it is used to exploit Google Desktop. If you
have IE 6 and Google Desktop v2 installed you can test it for yourself
<http://www.hacker.co.il/security/ie/gdsexploit.html> in my proof of
concept page.

