https://www.exploit-db.com/exploits/24607
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1194

GoogleToolbar是集成于IE的工具条，方便用户搜索。GoogleToolbar存在一个输入验证问题，远程攻击者可以利用这个漏洞进行跨站脚本攻击，获得用户敏感信息。工具栏的’About’段不正确过滤HTML代码，用户可以建立一HTML，当被目标用户装载时，会调用’About’页面，在页面上下问执行任意脚本代码。

source: http://www.securityfocus.com/bid/11210/info

Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code.

This vulnerability may allow an attacker to inject malicious HTML and script code into the about page of the vulnerable application.

<s c r i p t>
window.showModalDialog("res://C:\Program%20Files\Google\GoogleToolbar1.dll/ABOUT.HTML",
"<div style="background-image:
url(javascript:alert(location.href));">");
</s c r i p t>

来源:XF
名称:google-toolbar-about-code-execution(17435)
链接:http://xforce.iss.net/xforce/xfdb/17435
来源:BID
名称:11210
链接:http://www.securityfocus.com/bid/11210
来源:OSVDB
名称:10037
链接:http://www.osvdb.org/10037
来源:SECTRACK
名称:1011351
链接:http://securitytracker.com/id?1011351
来源:FULLDISC
名称:20040918Re:GoogleToolbar:About–AllowsScriptInjection
链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html
来源:FULLDISC
名称:20040918Re:GoogleToolbar:About–AllowsScriptInjection
链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html
来源:BUGTRAQ
名称:20040917GoogleToolbar:About–AllowsScriptInjection
链接:http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.html
来源：NSFOCUS
名称：6907
链接：http://www.nsfocus.net/vulndb/6907