[WEB SECURITY] Links on the Google Desktop Search/Internet Explorer CSS vulnerability

Will Jefferies wjefferies at fncinc.com
Tue Dec 6 14:20:41 EST 2005


McAfee Virus Scan Enterprise caught this as JS/Expoit-GDesk...very cool.

Will 

-----Original Message-----
From: Jeremiah Grossman [mailto:jeremiah at whitehatsec.com] 
Sent: Tuesday, December 06, 2005 1:09 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Links on the Google Desktop Search/Internet
Explorer CSS vulnerability 

I pulled together a few links from the Google Desktop Search/Internet  
Explorer vulnerability that the media has been reporting on.

"A security researcher in Israel (Matan Gillon) has found a way to  
steal information from unwitting users of Google's desktop search  
tool by exploiting an unpatched flaw in Microsoft's ubiquitous  
Internet Explorer."

IE flaw lets intruders into Google Desktop
http://news.zdnet.com/2100-1009_22-5980623.html

Researcher: IE Flaw Allows Data Theft
http://blogs.washingtonpost.com/securityfix/2005/12/researcher_expo.html


Technical details here:

Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability  
to Phish User Information
http://www.hacker.co.il/security/ie/css_import.html

Cool stuff. Essentially describes a way to circumvent the same
origin policy in IE using CSS "addImport" method. The method can be
used to call in files remotely, normally CSS, but in the example
HTML. The cssText property allows read access to snippets of the web
page content when it should not. Thereby bypassing the same origin
policy. I tried something similar in Firefox several weeks ago, but
to no avail. They are pretty good about it.


Then Google "fixed" it.

Google Fixes Desktop Search Loophole
http://www.cio-today.com/news/Google-Fixes-Desktop-Search-Loophole/story.xhtml?story_id=011000DNG0PQ

What I don't know is HOW they fixed it. Seems like it was a pure IE  
vulnerability to me.


Regards,

Jeremiah-



---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

