VYPR
Unrated severityNVD Advisory· Published Jun 11, 2007· Updated Jun 16, 2026

CVE-2007-3150

CVE-2007-3150

Description

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.

Affected products

2
  • Google/Desktop2 versions
    cpe:2.3:a:google:desktop:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:google:desktop:*:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.