An unpatched design flaw in Microsoft Corp.’s Internet Explorer browser could give malicious hackers an easy way to use the Google Desktop application to covertly hijack user information.
Matan Gillon, a hacker from Israel, discovered the vulnerability in the cross-domain protections in Internet Explorer and published a proof-of-concept exploit to show how Google Desktop can be cracked.
“The proof of concept works on a fully patched IE browser (default security and privacy settings) with Google Desktop v2 installed,” Gillon said.
He also [url=http://www.hacker.co.il/security/ie/css_import.html]published a detailed explanation[/url] of the vulnerability and warned that an attacker simply needs to lure a target to visit a malicious Web page. “Much like classic XSS (cross site scripting) holes, this design flaw in IE allows an attacker to retrieve private user data or execute operations on the [user’s] behalf on remote domains,” Gillon explained.