
Signature Detail


Short Name

HTTP:STC:IE:GOOGLEBAR-FILE

Severity

Low

Recommended

No

Category

HTTP

Keywords

GoogleBar Arbitrary Local File Access

Release Date

2003/04/22

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: GoogleBar Arbitrary Local File Access


This signature detects attempts to exploit a known vulnerability in the Google ToolBar, an Internet Explorer plugin. Google ToolBar 1.1.58 and prior are vulnerable. The configuration URL that is used to make changes to Google ToolBar options is available only to documents within google.com or under a special res:// protocol. Attackers can open a browser window that uses google.com or any res:// as a URL, then use scripting to change the URL to the Google ToolBar configuration URL. Once they have gained access, they can view any local files that can be opened with Internet Explorer.

Extended Description

The Google Toolbar is an ActiveX control for Microsoft Internet Explorer, which provides functionality related to the Google search engine. It is possible to modify configuration settings by visiting a specific URL that accepts commands as CGI parameters. A malicious script may directly access this URL by redirecting a page which references a trusted site, such as the google.com domain. It is possible to modify the toolbar configuration, and to execute arbitrary script code, possibly within the Local System security zone.

Affected Products

  • Google Toolbar 1.1.41
  • Google Toolbar 1.1.42
  • Google Toolbar 1.1.43
  • Google Toolbar 1.1.44
  • Google Toolbar 1.1.45
  • Google Toolbar 1.1.47
  • Google Toolbar 1.1.48
  • Google Toolbar 1.1.49
  • Google Toolbar 1.1.53
  • Google Toolbar 1.1.54
  • Google Toolbar 1.1.55
  • Google Toolbar 1.1.56
  • Google Toolbar 1.1.57
  • Google Toolbar 1.1.58

References

  • BugTraq: 5424
  • CVE: CVE-2002-1442
  • URL: http://www.jnx.com/security/auto/vulnerabilities/vuln2175.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.