6.8

CVE-2007-6536

Exploit

EPSS 0.97%
Published 27.12.2007 23:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Toolbar Version4

Google ≫ Toolbar Version5 Updatebeta

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.97%	0.746

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://aviv.raffon.net/2007/12/18/GoogleToolbarDialogSpoofingVulnerability.aspx

Exploit

http://secunia.com/advisories/28166

Vendor Advisory

http://securityreason.com/securityalert/3491

http://www.osvdb.org/39499

http://www.securityfocus.com/archive/1/485288/100/0/threaded

http://www.securityfocus.com/bid/26923

https://exchange.xforce.ibmcloud.com/vulnerabilities/39164

https://nvd.nist.gov/vuln/detail/CVE-2007-6536

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6536

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6536

EUVD