CVE-2007-3150

2007-06-11T19:30:00
ID CVE-2007-3150
Type cve
Reporter cve@mitre.org
Modified 2008-11-15T06:51:00

Description

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.