Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the “under” parameter in Advanced Search with the proper signature.
osvdb.org/33483
securityreason.com/securityalert/2301
www.kb.cert.org/vuls/id/615857
www.securityfocus.com/archive/1/460735/100/0/threaded
www.securityfocus.com/archive/1/460928/100/0/threaded
www.securityfocus.com/bid/22650
www.securitytracker.com/id?1017686
www.watchfire.com/resources/Overtaking-Google-Desktop.pdf