Infoworld talks about a security hole that Researchers at Rice University found in Google’s desktop search engine, that could allow third parties to access users’ search result summaries thus providing a sneak peek at part of the content of personal files. Google it seems has already fixed the issue at hand. To check make sure you are running the new version (number 121004, indicating Dec. 10 2004, or later).
To be affected, a user would have to visit a Web site where an attacker has embedded a particular Java applet. The applet makes certain network connections that trick Google Desktop into integrating a users local search results with results from an online search. When users visit the compromised site, the applet reads their local search result summaries and sends them back to the attackers server.