Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV=βrefreshβ that targets a www.google.com search for a local .exe file, which is displayed in the βresults stored on your computerβ portion of the search results, and when clicked invokes Google Desktop to execute this file.