CVE-2007-3150

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.

Published: Jun 11, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3150
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
google / desktop	-	-

http://ha.ckers.org/blog/20070531/google-desktop-0day/
http://ha.ckers.org/google-desktop-0day/
http://osvdb.org/40566

Vulnerability Database

289,697

CVE-2007-3150