TITLE: Google Desktop Search Exposure of Local Search Results SECUNIA ADVISORY ID: SA13567
VERIFY ADVISORY: http://secunia.com/advisories/13567/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: >From remote SOFTWARE: Google Desktop Search http://secunia.com/product/4435/ DESCRIPTION: A vulnerability has been reported in Google Desktop Search, which can be exploited by malicious people to view local search results. The problem is that it is possible for Java applets (and possibly JavaScript and other plug-ins) to trigger fake Google searches that will cause Google Desktop Search to return local results, which normally would be embedded in search results from Google. These results can then be read by the Java applet and sent back to a malicious web site. Successful exploitation requires that a user is tricked into visiting a malicious web site. Versions prior to 121004 are vulnerable. SOLUTION: Update to version 121004 or later. Disable "Show Desktop Search results on Google Web Search result pages". ORIGINAL ADVISORY: http://seclab.cs.rice.edu/ ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
