December 6th, 2005
IE Design Flaw Lets Hacker Crack Google Desktop
Hackers may gain access to your computer through a design flaw in Microsoft’s IE browser. They can covertly hijack your information through the Google Desktop application.
The bug is described as a design flaw that causes IE to allow a violation of the cross-domain security model. Gillon explained that IE does not properly parse CSS (cascading style sheet) files and allows the importation of files that are not valid CSS files.
This opens the door for attackers to disclose HTML and script code from the remote site that was improperly imported as a CSS file. This site may exist in a different domain than the site that exploits the issue.
Gillon used the Google Desktop utility to prove his findings, but in theory, any domain or application that depends on the IE cross-domain security model is vulnerable.
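The flaw described above comes down to a missing gate: a response that is not CSS, served from another domain, still reaches the CSS parser. The sketch below is an added example, not code from the article or from any browser, showing a content-type gate that refuses such imports. The function names and URLs are hypothetical, `X-Content-Type-Options: nosniff` is a real response header, and header names are assumed to arrive lower-cased.

```javascript
// Added example. Function names and sample URLs are hypothetical/constructed.
// Header names are assumed to be lower-cased by the caller.

// Media type from a Content-Type value, without parameters ("; charset=...").
function mediaType(contentType) {
  if (typeof contentType !== "string") return "";
  return contentType.split(";")[0].trim().toLowerCase();
}

// Same origin means scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Decide whether a response may be handed to the CSS parser.
function mayParseAsStylesheet(documentUrl, resourceUrl, headers) {
  const type = mediaType(headers["content-type"]);
  const nosniff =
    String(headers["x-content-type-options"] || "").trim().toLowerCase() === "nosniff";

  if (type === "text/css") {
    return { allow: true, reason: "declared as text/css" };
  }
  if (nosniff) {
    return { allow: false, reason: "nosniff set, type is not text/css" };
  }
  if (!sameOrigin(documentUrl, resourceUrl)) {
    return { allow: false, reason: "cross-origin, type is not text/css" };
  }
  return { allow: true, reason: "same-origin, lenient handling" };
}

// Constructed cases: a page on site-a.example pulling in three resources.
function demo() {
  const page = "http://site-a.example/index.html";
  return [
    mayParseAsStylesheet(page, "http://site-b.example/theme.css",
      { "content-type": "text/css; charset=utf-8" }),
    mayParseAsStylesheet(page, "http://site-b.example/results.html",
      { "content-type": "text/html" }),
    mayParseAsStylesheet(page, "http://site-a.example/legacy-style",
      { "content-type": "text/plain" }),
  ];
}

console.log(demo());
```

The second case is the one the article is about: an HTML page on another domain requested as a stylesheet, which this gate rejects before any parsing happens.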