Signature Detail
Short Name |
HTTP:STC:GOOGLE-APP-MAILTO |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Google Apps URI Argument Injection |
Release Date |
2009/10/19 |
Update Number |
1527 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Google Apps URI Argument Injection
This signature detects attempts to exploit a known vulnerability in Google Apps. An attacker can create a malicious Web site with Web pages containing Google App URI's. If the Web page is accessed by a victim, it allows the attacker to execute arbitrary code on the victim's computer.
Extended Description
Google Apps is prone to a vulnerability that lets attackers inject commands through a protocol handler. This issue occurs because the application fails to adequately sanitize user-supplied input. Exploiting this issue would permit remote attackers to inject and execute commands with the privileges of a user running the application. An attacker can launch arbitrary applications from the local computer or an accessible network share. This issue is reported to affect Google Apps 1.1.110.6031 when used with Microsoft Internet Explorer 7 and Google Chrome 2.0.172.43
Affected Products
- Google Apps 1.1.110.6031
References
- BugTraq: 36581