A bug in Internet Explorer could allow hackers to scan hard drives using Google Desktop.
According to an Israeli hacker Matan Gillon a flaw in the way Explorer processes web pages could give access to the desktop search engine and hence access to sensitive information with the right search string. He has posted a proof of concept exploit.
"Google Desktop users who use IE are currently completely exposed," said Gillon. "An experienced attacker can covertly harvest their hard drives for sensitive information such as passwords and credit card numbers. Since Google also indexes e-mails which can be read in the web interface itself, it's also possible to access them using this attack."
Microsoft is in the process of producing a patch before the problem becomes widespread.