google_apps

Ah, its raining in Mountain View today. Well, at least in one building. It turns out that’s there is a a vulnerability in Google Apps that can lead to a local compromise of a users system. Apparently, this can lead to non-privileged code execution.

Um, yeah.

From retrogod:

google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit (Internet Explorer)
by nine:situations:group::pyrokinesis
site: http://retrogod.altervista.org/

software site: http://pack.google.com/intl/it/pack_installer.html

tested against: Internet Explorer 8, windows xp sp3
Internet Explorer 7, windows xp sp3
Google Chrome 2.0.172.43

vulnerability: through the vulnerable googleapps.url.mailto:// deprecated uri handler, registered as follows:

There is a proof of concept on the site as well.

Doesn’t really give folks in Los Angeles a warm and fuzzy one would imagine.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.