CVE-2007-1085

Google Desktop - Cross-Site Scripting via Advanced Search 'under' Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1085. PoCs published by Yair Amit.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Google Desktop by injecting a script tag into the search query parameter. The vulnerability allows arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Yair Amit · textwebappscgi
https://www.exploit-db.com/exploits/29623

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Google Desktop by injecting a script tag into the search query parameter. The vulnerability allows arbitrary script execution in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Google Desktop (version not specified)
No auth needed
Prerequisites: User interaction required to visit the crafted URL
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017686
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/460735/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/460928/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/615857
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2301
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22650
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33483

Scores

EPSS 0.1076
EPSS Percentile 95.3%

Details

Status published
Products (1)
google/desktop
Published Feb 23, 2007
Tracked Since Feb 18, 2026