Google Desktop Advanced Search Internal Web Server XSS

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an application installed that is vulnerable to a
local cross-site scripting attack.

Description :

The version of Google Desktop installed on the remote host is affected
by a cross-site scripting flaw because it fails to properly encode the
output for the 'under' keyword. This issue cannot be directly
exploited remotely; however, when used in conjunction with a known
Google.com cross-site scripting vulnerability to extract the unique
signature associated with Google Desktop software, it might allow an
attacker to query a victim's system for sensitive information.

See also :

http://www.nessus.org/u?72d01fea

Solution :

Google Desktop automatically updates itself when a new version of the
software is available. However, in some cases it may not be able to
update itself due to network connectivity issues. Please ensure that
Google Desktop version 5.0.0701.30540 or later is installed.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 24710 (google_desktop_xss_flaw.nasl)

Bugtraq ID: 22650

CVE ID: CVE-2007-1085

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now