7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
5.7 Medium
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.8%
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the “under” parameter in Advanced Search with the proper signature.
osvdb.org/33483
securityreason.com/securityalert/2301
www.kb.cert.org/vuls/id/615857
www.securityfocus.com/archive/1/460735/100/0/threaded
www.securityfocus.com/archive/1/460928/100/0/threaded
www.securityfocus.com/bid/22650
www.securitytracker.com/id?1017686
www.watchfire.com/resources/Overtaking-Google-Desktop.pdf