Gator Installer Plugin Allows Any Software to be Installed Remotely

Discussion in 'Windows Desktop Systems' started by Kr0m, Mar 16, 2002.

  1. Kr0m

    Kr0m Moderator

    Turtle Island
    Gator installer plugin for Internet Explorer (GAIN) suffers from a security hole that allows an attacker to install any software without the user's knowledge or need of interaction

    Vulnerable systems:
    Gator version

    The issue here is that any HTML page can specify the location of the Gator installation file. The installation file is downloaded, and then it is checked for the filename. If the filename is setup.ex_, it is then decompressed and executed. If the file is not compressed it will still execute it. Of course using this method, a malicious user can easily create an HTML page that makes use of the rogue ActiveX component to point at a Trojan file.

    I refuse to show the link to where I got this information publicly as it shows the details of the exploit. Contact me if you want more information.
  2. Qumahlin

    Qumahlin Moderator

    Has anyone here actually USED gator for anything useful? alot of anti-virus companies now classify it as a trojan...which is basically all it is anyway, just more spyware they people unknowingly install.
  3. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    new york
    I don't think anyone that knows enough to post on an information forum would have anything to do with gator, so you're asking in the wrong place
  4. dickow

    dickow Guest

    I like Gator

    What's the big deal? Gator is a very handy utility on my setups, and I've been using it for quite a while. It saves me lots of trouble, and no headaches, no ads, etc. Does just what I want it to do.

  5. xsivforce

    xsivforce Prodigal Son Folding Team

    Texas, USA
    We know. We are watching your desktop right now. ;)
  6. toolfool719

    toolfool719 Guest

  7. dickow

    dickow Guest


    I've done a little research. Gator no longer installs the evil install file, it was from eons ago, and few people probably have it.

    The alledged 'spyware' features of Gator do not seem to actually exist. Nor does it 'pop up' ads, and if it does, my firewall/AdSubtract combo kills all pop up ads anyway without having to set up any barred IPs or anything like that. the end, I'm quite happy with Gator.