CVE-2007-1085

Name of the Vulnerable Software and Affected Versions Google Desktop (affected versions not specified)

Description A cross-site scripting (XSS) issue allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, potentially gaining full access to the system. This is achieved by exploiting an XSS vulnerability in google.com to extract the signature for the internal web server, and then calling the under parameter in Advanced Search with the proper signature.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.