Procrastination, delivered!

All about waiting for the apple to fall. Add yours – reach.singhsong@gmail.com

Google Desktop Vulnerability; IE CSS Import Gotcha

Posted by hs on December 3, 2005

Matan Gillon has posted an exploit for a vulnerability in Google Desktop v2 when used with Internet Explorer. By taking advantage of the CSSXCSS (Cascading Style Sheets Cross Site Scripting) vulnerability in Internet Explorer, a hacker might be able to read data from pages fetched from other sites. If this sounds technical, picture this: you browse to a seemingly normal website (containing, say, pictures, articles, etc.). Typically one would not think that this website can read the details of another page you have open, say your bank account, or a shopping cart with credit card details. The IE vulnerability allows specially crafted pages to do just that.

Read the original article (Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information) for details. Possible precautionary steps (until this vulnerability is patched) are to disable JavaScript in IE or switch to a better browser (Firefox, Opera, etc.).

The proof of concept exploit is available here.

Keywords: CSSXCSS, CSS, Google Desktop, Internet Explorer, IE, JavaScript, Cross Site Scripting, Vulnerability, Cross-site scripting, GDS, Exploit, Proof of concept, Firefox, Opera

One Response to “Google Desktop Vulnerability; IE CSS Import Gotcha”

  1. […] Google Desktop has now been tweaked as a workaround against the IE CSSXCSS bug.   […]
