A code execution vulnerability in the Google Earth application was identified by security researcher Ucha Gobejishvili (also known as longrifle0x). The researcher demonstrated the attack on his own blog.
The PlaceMark field in the app was found to be vulnerable and allows an attacker to run JavaScript code. The researcher demonstrated the attack by inserting the following code:
<A HREF="javascript:document.location='http://www.secday.blogspot.com/'">XSS</A><marquee>Georgia</marquee>

The above tag will execute the script and load secday.blogspot.com.
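A defensive check for the issue described above, as an added example that is not from the researcher's post or from Google's code: it parses an HTML fragment, such as the text entered in a placemark field, and reports URL attributes whose scheme is outside an allow-list. The allow-list, the function names and the assumption that the field content is available as a string are all choices made for this illustration.

```python
import re
from html.parser import HTMLParser

# Assumed allow-list for this example; anything else (javascript:, data:, ...) is reported.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
URL_ATTRS = {"href", "src"}
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
LEADING_JUNK = "".join(map(chr, range(0x21)))  # control characters and space


def scheme_of(url):
    """Return the lower-cased URL scheme, or None for a relative URL."""
    # Browsers drop tab/CR/LF inside a URL and ignore leading whitespace,
    # so normalise the same way before looking for the scheme.
    url = re.sub(r"[\t\r\n]", "", url).lstrip(LEADING_JUNK)
    match = SCHEME_RE.match(url)
    return match.group(1).lower() if match else None


class LinkAuditor(HTMLParser):
    """Collects (tag, attribute, scheme) for every disallowed URL scheme."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and decodes entities.
        for name, value in attrs:
            if name in URL_ATTRS and value:
                scheme = scheme_of(value)
                if scheme is not None and scheme not in ALLOWED_SCHEMES:
                    self.findings.append((tag, name, scheme))


def audit(fragment):
    """Return the list of disallowed-scheme findings in an HTML fragment."""
    auditor = LinkAuditor()
    auditor.feed(fragment)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    # The markup quoted in the article.
    sample = ("<A HREF=\"javascript:document.location="
              "'http://www.secday.blogspot.com/'\">XSS</A><marquee>Georgia</marquee>")
    print(audit(sample))
```

An application that renders user-supplied markup can reject or strip any element for which `audit` returns a finding before the content reaches the HTML renderer.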