Google Desktop Search is reported prone to a remote vulnerability that may allow an attacker to disclose a user's search results from the local computer. The attacker entices a user to visit the site and creates a Java applet to leverage this vulnerability. When the Java applet is loaded by the user, it can send queries to the attacker's server that appear to be Google queries to the Desktop Search application. The Desktop Search application integrates local search results with the queries and this information is sent to the remote server controlled by the attacker.
Google Desktop Search is reported prone to a remote vulnerability that may allow an attacker to disclose a user's search results from the local computer. The attacker entices a user to visit the site and creates a Java applet to leverage this vulnerability. When the Java applet is loaded by the user, it can send queries to the attacker's server that appear to be Google queries to the Desktop Search application. The Desktop Search application integrates local search results with the queries and this information is sent to the remote server controlled by the attacker.