New Google Blog



GOOGLE TOOLBAR VULNERABILITY

[Sep 21, 2004] Security Focus reports that 'Google Toolbar' users could be exposed to an 'HTML injection vulnerability'. In fact, the vulnerability stems from MS Internet Explorer and its "res:" and "file:" protocols.

Gregory R. Panakkal, the person who found the vulnerability, tells us that these two protocols have been inaccessible from the Internet Zone from IE6-SP1 onwards. It would still be possible to inject code remotely on an unpatched IE, however, and Google Toolbar doesn't filter it to prevent such attacks.

Is your computer vulnerable? Try this link (if you use 'MS Internet Explorer' and your 'Google Toolbar' is in English). If you see the Windows Calculator start, you should patch your browser. Instead of the Calculator, it could be another, more dangerous command.

This website does NOT have anything to do with Google Inc. All logos, trademarks and images are the property of Google Inc. (Mountain View, CA 94043, USA). [More Information].