Security researchers with Watchfire have uncovered a vulnerability in the Google Desktop application that could allow an attacker to steal confidential information and potentially take over control of a system.
Google has released an update for its software that patches the vulnerability that relies on cross site scripting attack techniques.
An attacker could exploit the flaw through a specially crafted web link that contains JavaScript code. When a user clicks on the link, the code will be executed by the Google Desktop application, which then allows the attacker to perform searches on the infected computer where they could find password, social security numbers or other confidential information.
The security vulnerability is sparked by the fact that Google Desktop is linked to the Google.com service. Current generation anti-virus software furthermore doesn't protect against these attacks, Watchfire cautioned.
Online applications security is a hot topic. Security firm Acunetix released a study in which it claimed that corporate websites on average suffer from 66 security vulnerabilities in their online applications.
Critical vulnerability surfaces on Google Desktop
By
Tom Sanders
on Feb 22, 2007 9:53AM
Desktop search vulnerable to cross site scripting attack.
