Google Desktop Zero Day Exploit

RSnake from ha.ckers.org has posted an example of a zero day exploit using Google Desktop that he says you could use to do almost anything on someone’s computer who has Google Desktop installed. Someone could could use a wireless hotspot to monitor for a user with Google Desktop installed and then use the exploit against them. This is one big reason you should be careful with which internet applications you allow total access to your computer, and I am sure there will be many more examples using other programs from Google and other software vendors.

The demo does not try to hide what it is doing by making the overlay visible, but this is a demonstration of how it works, so you can see each component. In the video, as mentioned, we launch hyperterm.exe, although we could have launched almost anything you can imagine, including programs that connect out to the web, uninstall programs, etc… We stopped once we realized we could do this much damage, but we are certain this could be used for far more nefarious things. Source: Google Desktop 0day

The video demonstration is below.