Critical vulnerability in Google Desktop fixed
Google has fixed a security vulnerability in its Desktop application Google Desktop, which could be used by an attacker to spy on hard drive data. It was apparently even feasible to gain complete remote control of a computer. Google Desktop combines internet searches on the Google search engine with searches for locally saved files. To do so Google Desktop reads the search term and automatically includes the local search results in the results returned by Google - for the user the results look almost like a normal Google search.
According to media reports, Google has built additional checks into the Desktop Search to prevent such attacks in future.
Back in December 2004 it was possible to search a victim's hard drive and view parts of files via a vulnerability in Google desktop.
- Overtaking Google Desktop, bug report from Watchfire