Gator Installer Plugin Allows Any Software to be Installed Remotely


OSNN Veteran Addict
Gator installer plugin for Internet Explorer (GAIN) suffers from a security hole that allows an attacker to install any software without the user's knowledge or need of interaction

Vulnerable systems:
Gator version

The issue here is that any HTML page can specify the location of the Gator installation file. The installation file is downloaded, and then it is checked for the filename. If the filename is setup.ex_, it is then decompressed and executed. If the file is not compressed it will still execute it. Of course using this method, a malicious user can easily create an HTML page that makes use of the rogue ActiveX component to point at a Trojan file.

I refuse to show the link to where I got this information publicly as it shows the details of the exploit. Contact me if you want more information.


OSNN Veteran Addict
Has anyone here actually USED gator for anything useful? alot of anti-virus companies now classify it as a trojan...which is basically all it is anyway, just more spyware they people unknowingly install.

Perris Calderon

Staff member
Political User
I don't think anyone that knows enough to post on an information forum would have anything to do with gator, so you're asking in the wrong place


I like Gator

What's the big deal? Gator is a very handy utility on my setups, and I've been using it for quite a while. It saves me lots of trouble, and no headaches, no ads, etc. Does just what I want it to do.




I've done a little research. Gator no longer installs the evil install file, it was from eons ago, and few people probably have it.

The alledged 'spyware' features of Gator do not seem to actually exist. Nor does it 'pop up' ads, and if it does, my firewall/AdSubtract combo kills all pop up ads anyway without having to set up any barred IPs or anything like that. the end, I'm quite happy with Gator.


Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
What a long strange trip it's been. =)

Forum statistics

Latest member