Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2004-2475
Last Modified 05 Sep 2008 04:44:14
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2475

Summary

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.

Vulnerable Systems

Application

  • Google Toolbar 1.1.41

  • Google Toolbar 1.1.42

  • Google Toolbar 1.1.43

  • Google Toolbar 1.1.44

  • Google Toolbar 1.1.45

  • Google Toolbar 1.1.47

  • Google Toolbar 1.1.48

  • Google Toolbar 1.1.49

  • Google Toolbar 1.1.53

  • Google Toolbar 1.1.54

  • Google Toolbar 1.1.55

  • Google Toolbar 1.1.56

  • Google Toolbar 1.1.57

  • Google Toolbar 1.1.58

  • Google Toolbar 1.1.59

  • Google Toolbar 1.1.60

  • Google Toolbar 2.0.114.1


References

XF - google-toolbar-about-code-execution(17435)

BID - 11210

OSVDB - 10037

SECTRACK - 1011351

FULLDISC - 20040918 Re: GoogleToolbar:About -- Allows Script Injection

BUGTRAQ - 20040917 GoogleToolbar:About -- Allows Script Injection


Last Updated: 27 May 2016 10:39:29