Procrastination, delivered!

All about waiting for the apple to fall. Add yours – reach.singhsong@gmail.com

  • Calendar

    December 2005
    M T W T F S S
    « Nov   Jan »
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Archives

  • Pages

  • Blog Stats

    • 3,922 hits

Archive for December 3rd, 2005

Google Desktop Vulnerability; IE CSS Import Gotcha

Posted by hs on December 3, 2005

Matan Gillon has posted a exploit on vulnerability in Google Desktop v2 while using Internet Explorer. By taking advantage of the CSSXCSS (Cascading Style Sheets Cross Side Scripting) vulnerability in Internet Explorer, a hacker might be able to read data from pages fetched from other sites. If this sounds technical, picture this: you browse to a seeminly normal website (containing say pictures, articles, etc.). Typically one would not think that this website can read the details of the other page you have opened, say your bank account, or the shopping cart with credit card details. The IE vulnerability allows specially crafted pages to do just that.

Read the original article (Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information) for details. Possible precautionary steps (until this vulnerability is patched) are to disable JavaScript in IE or switch to a better browser (Firefox, Opera, etc.).

The proof of concept exploit is available here.

Get Firefox

Keywords: CSSXCSS, CSS, Google Desktop, Internet Explorer, IE, JavaScript, Cross Site Scripting, Vulnerability, Cross-site scripting, GDS, Exploit, Proof of concept, Firefox, Opera

Posted in Bug/Vulnerability, Internet | 1 Comment »