According to a statement issued Monday by the Web search company, it has rolled out a fix for the vulnerability. The flaw in the tool was discovered in late November by a Rice University computer scientist and two of his students.
The New York Times was the first to report on this flaw. The researchers found that the Google desktop tool looks for traffic that appears to be going to Google.com and then inserts results from the user's hard disk for a particular search. But it is possible to trick the application into inserting those results into other Web pages, where an attacker could read them.
The attack would only work after a user had visited an attacker's Web site, at which point a Java program (as created by the Rice group) would be able to fool the Google desktop software into providing the user's search information. The program was able to do anything with the results, including transmitting them back to the attacking site.
It's great news that this problem was fixed right away, as the potential for some kind of malicious exploit, such as a virus, to be written was a great worry.