HTTP: GoogleBar Arbitrary Local File Access

This signature detects attempts to exploit a known vulnerability in the Google ToolBar, an Internet Explorer plugin. Google ToolBar 1.1.58 and prior are vulnerable. The configuration URL that is used make changes to Google ToolBar option is available only to documents within google.com or a special res:// protocol. Attackers can open a browser window that uses google.com or any res:// as a URL, then use scripting to change the URL to the Google ToolBar configuration URL. Once they have gained access, they cAN view any local files that can be opened with Internet Explorer.

Extended Description

The Google Toolbar is an ActiveX control for Microsoft Internet Explorer, which provides functionality related to the Google search engine. It is possible to modify configuration settings by visiting a specific URL that accepts commands as CGI parameters. A malicious script may directly access this URL by redirecting a page which references a trusted site, such as the google.com domain. It is possible to modify the toolbar configuration, and to execute arbitrary script code, possibly within the Local System security zone.

Affected Products

Google toolbar

Short Name
HTTP:STC:IE:GOOGLEBAR-FILE
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Access Arbitrary CVE-2002-1442 File GoogleBar Local bid:5424
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Google

CVSS Score

7.5

Found a potential security threat?