[Japanese]

JVNDB-2008-000010

Google Desktop cross-site scripting vulnerability

Overview

Google Desktop contains a cross-site scripting vulnerability.

Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Google
  • Google Desktop 5.1.706.29690 and earlier

Impact

An arbitrary script could be executed on the web browser of a user who uses Google Desktop.
Solution

According to the vendor, this vulnerability has been fixed in Google Desktop 5.1.706.29690 released on July 4, 2007 and later versions. Although Google Desktop has an automatic update feature, check the version information of Google Desktop you are using. If your version is earlier than Google Desktop 5.1.706.29690, update to the latest version as soon as possible.
Vendor Information

Google
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#79114735
Revision History

  • [2008/05/21]
      Web page published

Date Public2008/03/12
Date First Published2008/05/21
Date Last Updated2008/05/21