Google Apps 'googleapps.url.mailto' Handler Command Injection Vulnerability

Google Apps 'googleapps.url.mailto' Handler Command Injection Vulnerability

Google Apps is prone to a vulnerability that lets attackers inject commands through a protocol handler. This issue occurs because the application fails to adequately sanitize user-supplied input.

Exploiting this issue would permit remote attackers to inject and execute commands with the privileges of a user running the application. An attacker can launch arbitrary applications from the local computer or an accessible network share.

This issue is reported to affect Google Apps 1.1.110.6031 when used with Microsoft Internet Explorer 7 and Google Chrome 2.0.172.43