A bug in Internet Explorer could allow hackers to scan hard drives using Google Desktop.

According to an Israeli hacker Matan Gillon a flaw in the way Explorer processes web pages could give access to the desktop search engine and hence access to sensitive information with the right search string. He has posted a proof of concept exploit.

"Google Desktop users who use IE are currently completely exposed," said Gillon. "An experienced attacker can covertly harvest their hard drives for sensitive information such as passwords and credit card numbers. Since Google also indexes e-mails which can be read in the web interface itself, it's also possible to access them using this attack."

The bug is in the way Explorer processes CSS and requires users to be tricked into visited a malicious website. It doesn't impact other browsers and can be prevented by turning off JavaScript. There is also the risk of a combined attack using different bugs for a hacker to gain full system access.

Microsoft is in the process of producing a patch before the problem becomes widespread.