Lucene search

[email protected]CVE-2007-1085

HistoryFeb 23, 2007 - 3:28 a.m.

CVE-2007-1085

2007-02-2303:28:00

[email protected]

web.nvd.nist.gov

google desktop

xss

remote attackers

security vulnerability

system access

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

5.7 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.9%

JSON

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the “under” parameter in Advanced Search with the proper signature.

Affected configurations

NVD

Node

googledesktop

CPENameOperatorVersion
google:desktopgoogle desktopeq*

CPE	Name	Operator	Version
google:desktop	google desktop	eq	*

References

osvdb.org/33483

securityreason.com/securityalert/2301

www.kb.cert.org/vuls/id/615857

www.securityfocus.com/archive/1/460735/100/0/threaded

www.securityfocus.com/archive/1/460928/100/0/threaded

www.securityfocus.com/bid/22650

www.securitytracker.com/id?1017686

www.watchfire.com/resources/Overtaking-Google-Desktop.pdf

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

5.7 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.9%

JSON

Related for CVE-2007-1085

nvd1 securityvulns1 cvelist1 prion1 nessus1