-=PCTechTalk=- Fw: Google toolbar flaw exposes PCs

• From: "Terry Miller" <terrymiller@xxxxxxx>
• To: <pctechtalk@xxxxxxxxxxxxx>
• Date: Tue, 13 Aug 2002 08:40:24 -0600

----- Original Message ----- 
From: alerts@xxxxxxxxxxx 
To: cybercrime-alerts@xxxxxxxxxxxxx 
Sent: Monday, August 12, 2002 4:54 PM
Subject: Google toolbar flaw exposes PCs




* subscribe at http://techPolice.com
 

Google toolbar flaw exposes PCs
ZDNet (UK)
August 12, 2002, 10:12 AM PT
URL: http://zdnet.com.com/2100-1105-949381.html 

An Israeli security firm has discovered a security vulnerability in Google's 
Internet Explorer toolbar that could allow an attacker to run malicious code on 
a user's PC, read private files, and carry out other intrusions. 

According to GreyMagic Software, a flaw in the Google Toolbar version 1.1.58 
and earlier allows an attacker to embed code in any Web page that fools the 
toolbar into executing the attacker's commands. These commands can include 
altering the toolbar's parameters, which allows the attacker to hijack 
searches, alter the appearance of the toolbar or uninstall it completely. It 
also, more dangerously, allows the attacker to execute code on the user's PC. 

Google issued a new version of the toolbar fixing the problem, via its 
automatic update feature, on Wednesday. As of Friday, the current version of 
the toolbar is 1.1.60. 

GreyMagic's exploits centre around the fact that the toolbar uses simple URLs 
to control the software's features or execute scripts. Changes to the toolbar 
settings are made via a URL such as "http://toolbar.google.com/command?(changes 
here)", and scripts can be executed at 
"http://toolbar.google.com/command?script=(any script)". 

The toolbar only allows changes to take place if the document being viewed in 
the browser is in the google.com domain, or is viewing any location using a 
special "resource" protocol, meant for accessing system resources on the local 
computer. (Resource protocol addresses take the form "res://(address)".) 

However, GreyMagic demonstrated that this restriction could be easily 
circumvented by opening a "res://" or google.com page, and then using a script 
to change the URL to the desired malicious address. 

All a Google Toolbar user would have to do would be to visit a particular 
URL--which could be distributed through an e-mail, for example--and a script 
embedded in the page could read files on the user's hard disk, alter the 
configuration of the toolbar to hijack searches or execute malicious commands. 
Since the commands can be executed in the "My Computer" security zone, they do 
not have many restrictions. 

GreyMagic said that several demonstrations of such exploits are available on 
its Web site


--
This was sent to you from http://theMezz.com
To Subscribe/Unsubscribe go to http://techPolice.com
http://www.theMezz.com/cybercrime/archive

*** TECH NEWS AT http://theMezzenger.com ***



 


To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/

• Follow-Ups:
  • -=PCTechTalk=- Re: Fw: Google toolbar flaw exposes PCs
    • From: Christy
  • -=PCTechTalk=- Re: Fw: Google toolbar flaw exposes PCs
    • From: Master NetLord

Other related posts:

• » -=PCTechTalk=- Fw: Google toolbar flaw exposes PCs

1. Home
2. pctechtalk
3. Archive
4. 08-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---