1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Google Toolbar About.HTML HTML Injection

Google Toolbar About.HTML HTML Injection

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a code injection vulnerability in the Google Toolbar application.

Additional Information

The Google Toolbar is an ActiveX control for Microsoft Internet Explorer, which provides functionality related to the Google search engine.

Google Toolbar is reported prone to an HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code. Specifically, it is reported that JavaScript or HTML code can be injected into the Google Toolbar 'ABOUT.HTML' page, as background-image data.

This vulnerability may allow an attacker to inject malicious HTML and script code into the about page of the vulnerable application. An unsuspecting user viewing the about page will have the attacker-supplied script code executed within their browser in the context of the vulnerable page.

This vulnerability is reported to affect GoogleToolbar version 2.0.114.1-big/en. Other versions might also be affected.

Affected

  • Google Toolbar 1.1.41, 1.1.42, 1.1.43, 1.1.44, 1.1.45, 1.1.47, 1.1.48, 1.1.49, 1.1.53, 1.1.54, 1.1.55, 1.1.56, 1.1.57, 1.1.58, 1.1.59, 1.1.60, 2.0.114.1

Response

Currently there are no known patches or workarounds for this vulnerability. It is recommended that users upgrade to the latest version of the application and contact the vendor for more details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube