CVE-2007-6536

NONECVSS 0.0

0.0

The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.

🔗 References (14)

cve@mitrehttp://aviv.raffon.net/2007/12/18/GoogleToolbarDialogSpoofingVulnerability.aspx
cve@mitrehttp://secunia.com/advisories/28166
cve@mitrehttp://securityreason.com/securityalert/3491
cve@mitrehttp://www.osvdb.org/39499
cve@mitrehttp://www.securityfocus.com/archive/1/485288/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/26923
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/39164
af854a3a-2127-422b-91ae-364da2661108http://aviv.raffon.net/2007/12/18/GoogleToolbarDialogSpoofingVulnerability.aspx
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28166
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3491
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/39499
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/485288/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26923
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/39164

Is Your Infrastructure Affected by CVE-2007-6536?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-6536

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-6536?