Google Talk 'http' and 'mailto' Remote Script Code Injection Vulnerability
BID:29946
Info
Google Talk 'http' and 'mailto' Remote Script Code Injection Vulnerability
| Bugtraq ID: | 29946 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 25 2008 12:00AM |
| Updated: | Jun 27 2008 12:11AM |
| Credit: | Lostmon |
| Vulnerable: |
Google Talk 1.0.0.105 |
| Not Vulnerable: | |
Discussion
Google Talk 'http' and 'mailto' Remote Script Code Injection Vulnerability
Google Talk is prone to a remote script-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML or script code within the context of the affected application.
Google 1.0.0.105 is vulnerable; other versions may also be affected.
Google Talk is prone to a remote script-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML or script code within the context of the affected application.
Google 1.0.0.105 is vulnerable; other versions may also be affected.
Exploit / POC
Google Talk 'http' and 'mailto' Remote Script Code Injection Vulnerability
Attackers can exploit these issues by crafting and submitting a malicious 'http' or 'mailto' URI through the application.
Attackers can exploit these issues by crafting and submitting a malicious 'http' or 'mailto' URI through the application.
Solution / Fix
Google Talk 'http' and 'mailto' Remote Script Code Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Google Talk 'http' and 'mailto' Remote Script Code Injection Vulnerability
References:
References:
- Google Talk Homepage (Google)
- Gtalk 1.0.0.105 html injection and Stealing messages (Lostmon)