Google desktop exploited by IE flaw

A security researcher in Israel has found a way to steal information from unwitting users of Google's desktop search tool by exploiting an unpatched flaw in Microsoft's ubiquitous Internet Explorer.

There is a bug in the way the web browser processes CSS rules, Matan Gillon wrote in a description of his hack posted on Wednesday. CSS, or Cascading Style Sheets, is a method for setting common styles across multiple web pages. The web design technique is widely used on many sites across the internet.

The proof-of-concept method is an example of how security flaws in software can offer all kinds of access to programs on vulnerable PCs, including to Google Desktop.

Gillon wrote: "This design flaw in IE allows an attacker to retrieve private user data or execute operations on the user's behalf on remote domains."

He crafted a web page that - when viewed in IE on a computer with Google Desktop installed - uses the search tool and returns results for the query "password".

To exploit the flaw, an attacker has to lure a victim to a malicious web page. "Thousands of websites can be exploited, and there isn't a simple solution against this attack, at least until IE is fixed," Gillon wrote.

Microsoft is investigating the issue, which it described in a statement as a problem affecting the cross-domain protections in Internet Explorer. "This issue could potentially allow an attacker to access content in a separate website, if that website is in a specific configuration," Microsoft said in the statement.

Microsoft is not currently aware of malicious code that takes advantage of the flaw, but is monitoring the situation, the company said. A security update or an advisory on the problem may be coming, it said.

Google is also investigating Gillon's findings. A spokeswoman for the search giant said: "We just learned of this issue and are looking into it."

While Gillon in his example uses the IE flaw as a means to get to Google Desktop, this flaw and other software bugs could be used to covertly access virtually any application on a compromised computer.

Joris Evers writes for News.com