Vulnerability Description
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Desktop | All versions |
References
- http://ha.ckers.org/blog/20070531/google-desktop-0day/
- http://ha.ckers.org/google-desktop-0day/Exploit
- http://osvdb.org/40566
- http://ha.ckers.org/blog/20070531/google-desktop-0day/
- http://ha.ckers.org/google-desktop-0day/Exploit
- http://osvdb.org/40566
FAQ
What is CVE-2007-3150?
CVE-2007-3150 is a vulnerability with a CVSS score of 9.3 (HIGH). Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refres...
How severe is CVE-2007-3150?
CVE-2007-3150 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3150?
Check the references section above for vendor advisories and patch information. Affected products include: Google Desktop.