CVE-2002-1442

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
http://online.securityfocus.com/archive/1/286527	Exploit Patch Vendor Advisory
http://sec.greymagic.com/adv/gm001-mc/
http://www.securityfocus.com/bid/5424	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:toolbar:1.1.41:::::::*
	cpe:2.3:a:google:toolbar:1.1.42:::::::*
	cpe:2.3:a:google:toolbar:1.1.43:::::::*
	cpe:2.3:a:google:toolbar:1.1.44:::::::*
	cpe:2.3:a:google:toolbar:1.1.45:::::::*
	cpe:2.3:a:google:toolbar:1.1.47:::::::*
	cpe:2.3:a:google:toolbar:1.1.48:::::::*
	cpe:2.3:a:google:toolbar:1.1.49:::::::*
	cpe:2.3:a:google:toolbar:1.1.53:::::::*
	cpe:2.3:a:google:toolbar:1.1.54:::::::*
	cpe:2.3:a:google:toolbar:1.1.55:::::::*
	cpe:2.3:a:google:toolbar:1.1.56:::::::*
	cpe:2.3:a:google:toolbar:1.1.57:::::::*
	cpe:2.3:a:google:toolbar:1.1.58:::::::*

History

No history.

Information

Published : 2003-04-11 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2002-1442

Mitre link : CVE-2002-1442

CVE.ORG link : CVE-2002-1442

JSON object : View

Products Affected

google

toolbar

CWE

NVD-CWE-Other

{"id": "CVE-2002-1442", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-04-11T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html", "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/archive/1/286527", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sec.greymagic.com/adv/gm001-mc/", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5424", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as \"My Computer\" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check."}, {"lang": "es", "value": "La barra de herramientas de Google 1.1.58 y versiones anteriores, permite a sitios web remotos realizar operaciones no autorizadas de la barra de herramientas, incluidas la ejecuci\u00f3n de rutinas y la lectura de ficheros en otras zonas como 'My Computer' abriendo una ventana a tools.google.com o el protocolo res:, y a continuaci\u00f3n utilizando rutinas para modificar la ubicaci\u00f3n de la ventana a la de la URL de configuraci\u00f3n de la barra de herramientas, con lo que se elude la verificaci\u00f3n original."}], "lastModified": "2008-09-05T20:30:36.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90B18B24-8E0C-41B3-9354-2506A05734A5"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B41A4120-18F1-43B1-96B1-B97655671866"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.43:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64280CDE-BEB8-4A8D-A5B9-1F850ED002F3"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC8876EA-F6FD-4EE9-A63E-31610525CC74"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "599A6B58-9915-4D72-A850-7A34EE85159F"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.47:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0708ABF8-989D-4879-90D9-93D4D237F270"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C06A2E25-81C2-4645-A652-055A3E37F5FE"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D763CC4-8E6D-40B3-A663-DA7148F66CFB"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B195D15-29BC-42B3-B931-696CC0527D2F"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAB91C2C-86DC-406C-89A1-2163B15F46E0"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D29CB61F-61B1-4710-9E8C-7D97060C0F26"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "614061C9-AE7A-46B5-BD53-75CD69F15C44"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A0D7E9-70F2-484B-8FA8-5B48052A46D4"}, {"criteria": "cpe:2.3:a:google:toolbar:1.1.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0200C2A1-578F-45F2-B677-9091BC49EF93"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}