Big patch for big hole in Google Desktop

21.02.2007

The vulnerability also would have allowed an attacker to compromise the "Search Across Computers" feature in Google Desktop that allows a user to search for information stored on his computer from any other Internet-connected system via his Google account. The feature requires information from a personal desktop to be stored on Google's servers and can be compromised to allow attackers unfettered access to the information, Allan said.

Though the specific vulnerability identified by Watchfire has been fixed, the tight integration between Google Desktop and Google.com continues to pose a security problem, he said. For instance, when searching the Web for information via Google.com, desktop search results are also injected into the response by Google Desktop, the Watchfire white paper noted. The feature, while potentially useful, gives attackers a way to break into systems via the Google.com site, the paper noted.

The threat is mitigated somewhat in current Google Desktop versions because the integration of Google Desktop results into a Web search is optional and can be disabled by the user, the white paper noted.

However, a Desktop link that is associated with the search box on Google.com and that can't be disabled by users can also provide an entry point to a system, the white paper noted. "Since Google Desktop can access highly sensitive information, the possible impact of an external malicious access to Google Desktop's Web interface is far-reaching," the paper said.

In an e-mailed statement, a Google spokesman said that the company had been notified by Watchfire of a "potential vulnerability, which requires an attacker to first find and attack a vulnerability in Google.com. A fix was developed quickly, and users are being automatically updated with the patch. In addition, we have [added] another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future," he said.