Kr0m
OSNN Veteran Addict
- Joined
- 4 Dec 2001
- Messages
- 1,392
Gator installer plugin for Internet Explorer (GAIN) suffers from a security hole that allows an attacker to install any software without the user's knowledge or need of interaction
Vulnerable systems:
Gator version 3.0.6.1
The issue here is that any HTML page can specify the location of the Gator installation file. The installation file is downloaded, and then it is checked for the filename. If the filename is setup.ex_, it is then decompressed and executed. If the file is not compressed it will still execute it. Of course using this method, a malicious user can easily create an HTML page that makes use of the rogue ActiveX component to point at a Trojan file.
I refuse to show the link to where I got this information publicly as it shows the details of the exploit. Contact me if you want more information.
Vulnerable systems:
Gator version 3.0.6.1
The issue here is that any HTML page can specify the location of the Gator installation file. The installation file is downloaded, and then it is checked for the filename. If the filename is setup.ex_, it is then decompressed and executed. If the file is not compressed it will still execute it. Of course using this method, a malicious user can easily create an HTML page that makes use of the rogue ActiveX component to point at a Trojan file.
I refuse to show the link to where I got this information publicly as it shows the details of the exploit. Contact me if you want more information.