TechBulletin

A design flaw in Internet Explorer could give malicious hackers an easy way to use Google Desktop to hijack user information.

Matan Gillon, a hacker from Israel, discovered the vulnerability in the cross-domain protections in IE and published a proof-of-concept exploit to show how Google Desktop can be cracked.

He warned that an attacker simply needs to lure a target to visit a malicious Web page. “Much like classic XSS (cross site scripting) holes, this flaw lets an attacker to retrieve private user data or execute operations on the [user’s] behalf on remote domains,” Gillon explained.

Gillon used the Google Desktop utility to prove his findings, but in theory any domain or application that depends on the IE cross-domain security model is vulnerable.

As a temporary solution, he recommends that IE users disable JavaScript or use a different browser.

Source : PC Magazine