Ucha Gobejishvili provided a proof-of-concept to demonstrate his findings

Mar 21, 2012 10:57 GMT

A code execution vulnerability was identified by Georgian security researcher Ucha Gobejishvili in the popular Google Earth application.

Most internauts have utilized Google Earth at least once for the maps and other geographical information it provides. The satellite view is another great feature that attracts users, but what many don’t know is that the program contains a flaw that could be taken advantage of by cybercrooks.

The expert demonstrated how a local attacker could leverage a security hole to execute a piece of malicious code.

The flaw can be reproduced by opening the program and clicking on the Placemark button. Instead of a legitimate Place parameter, arbitrary code can be inserted and run.

The demonstration code utilized by the researcher is the following:

<A HREF="javascript:document.location='http://www.secday.blogspot.com/'">XSS</A><marquee>Georgia</marquee>

The proof-of-concept clearly shows how an ill-intended hacker could run a piece of code or open a website. In the screenshot provided by Gobejishvili a regular website is opened, but that can easily be replaced with any other element.
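On the defensive side, input of this kind is neutralized by allow-listing tags and link schemes before the placemark text is rendered. The sketch below is an added example, not code from the researcher or from Google Earth; the names `PlacemarkSanitizer` and `sanitize_placemark` and both allow-lists are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumptions for this sketch: a small formatting allow-list and web-only links.
ALLOWED_TAGS = {"a", "b", "i", "p"}
ALLOWED_SCHEMES = {"http", "https"}

class PlacemarkSanitizer(HTMLParser):
    """Rebuilds placemark text, keeping only allow-listed tags and link schemes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitized fragments
        self.findings = []   # what was stripped, for logging or alerting

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag:{tag}")
            return
        if tag != "a":
            self.out.append(f"<{tag}>")   # attributes are always dropped
            return
        # Use the first href, as an HTML renderer would.
        href = next((v for k, v in attrs if k == "href"), None) or ""
        # Remove whitespace and control characters that could hide the scheme.
        href = "".join(c for c in href if c > " ")
        scheme = href.split(":", 1)[0].lower() if ":" in href else ""
        if scheme in ALLOWED_SCHEMES:
            self.out.append(f'<a href="{escape(href, quote=True)}">')
        else:
            self.findings.append(f"scheme:{scheme or 'none'}")
            self.out.append("<a>")        # keep the link text, drop the target

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))     # text is never emitted as markup

def sanitize_placemark(text):
    """Return (safe_html, findings) for user-supplied placemark text."""
    parser = PlacemarkSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out), parser.findings

# The demonstration string quoted in the article, used here as sample input.
POC = ("<A HREF=\"javascript:document.location='http://www.secday.blogspot.com/'\">"
       "XSS</A><marquee>Georgia</marquee>")
```

Run against the article's string, the link text and the word "Georgia" survive as plain content while the `javascript:` target and the `marquee` tag are dropped and reported in the findings list.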

Since the issue affected all versions of Google Earth, the vendor has been notified and hopefully the issue will be addressed. We’ll return with more information as soon as it’s made available.

This is not the first time Ucha Gobejishvili has found security holes in a popular application. A few days ago he identified a buffer overflow in Gretech’s GOM Player, which he demonstrated with a great proof-of-concept video.

Other vulnerabilities he discovered were present in Adobe’s official site, the popular instant messaging application Skype, Google, and many other high-profile websites.

We’ve also had a great interview with the researcher as part of our Hackers around the world series, in which he shared a lot of interesting aspects of both his personal and his professional life.
