Very serious XSS threat patched up

Watchfire published a document outlining the anatomy of an attack malicious users could have used to search documents or even take complete control of a remote machine with.  According to the AP, this attack cannot be prevented with firewalls or detected with antivirus software.

"a hacker would have had free reign to use Google Desktop to search the victim's machine — or multiple compromised machines at once — and possibly to take full control of the computer, according to Watchfire. Watchfire's founder and chief technical officer, Mike Weider, said the attack would have gone undetected by firewalls or antivirus software. "

This problem, affecting Google Desktop, is a lot more serious than other XSS vulnerabilities that have affected Google recently -- and it took quite a bit longer to fix too (it was reported on January 4th).

A Google spokesperson says they don't have information to suggest the hole was ever exploited -- but like Philipp says, that doesn't necessarily mean much.