Vulnerability Details : CVE-2007-1085
Potential exploit
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2007-1085
- cpe:2.3:a:google:desktop:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1085
- EPSS score: 10.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-1085
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C | 4.9 | 10.0 | NIST | |
References for CVE-2007-1085
- http://www.securityfocus.com/bid/22650 (Exploit)
- http://www.securityfocus.com/archive/1/460928/100/0/threaded
- http://osvdb.org/33483
- http://www.kb.cert.org/vuls/id/615857 (US Government Resource)
- http://www.securitytracker.com/id?1017686
- http://www.securityfocus.com/archive/1/460735/100/0/threaded
- http://securityreason.com/securityalert/2301
- http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf