[funsec] Google Desktop Exposed
Richard M. Smith
rms at computerbytesman.com
Fri Dec 2 17:53:36 CST 2005
http://www.hacker.co.il/security/ie/css_import.html
Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to
Phish User Information
Overview
It was bound to happen. I was recently intrigued by the possibility of
utilizing Google Desktop for remote data retrieval of personal user data
(such as credit cards and passwords) through the use of a malicious web
page. Now, thanks to a severe design flaw in Internet Explorer, I managed to
show it's possible to covertly run searches on visitors to a web site by
exploiting this vulnerability. In this article I will detail what the
vulnerability in IE is and how it is used to exploit Google Desktop. If you
have IE 6 and Google Desktop v2 installed you can test it for yourself
<http://www.hacker.co.il/security/ie/gdsexploit.html> in my proof of
concept page.
...
More information about the funsec
mailing list