Welcome to WebmasterWorld Guest from 54.205.20.160

Forum Moderators: open

Message Too Old, No Replies

IE Design Flaw Lets Hacker Crack Google Desktop

   
5:17 pm on Dec 2, 2005 (gmt 0)

WebmasterWorld Senior Member tropical_island is a WebmasterWorld Top Contributor of All Time 10+ Year Member



From E-Week.com:

[eweek.com...]

Matan Gillon, a hacker from Israel, discovered the vulnerability in the cross-domain protections in Internet Explorer and published a proof-of-concept exploit to show how Google Desktop can be cracked.

"The proof of concept works on a fully patched IE browser (default security and privacy settings) with Google Desktop v2 installed," Gillon said in a note sent to Ziff Davis Internet News.

He also published a detailed explanation of the vulnerability and warned that an attacker simply needs to lure a target to visit a malicious Web page. "Much like classic XSS (cross site scripting) holes, this design flaw in IE allows an attacker to retrieve private user data or execute operations on the [user's] behalf on remote domains," Gillon explained.