Gator Installer Plugin Allows Any Software to be Installed Remotely

Kr0m

OSNN Veteran Addict
#1
Gator installer plugin for Internet Explorer (GAIN) suffers from a security hole that allows an attacker to install any software without the user's knowledge or need of interaction

Vulnerable systems:
Gator version 3.0.6.1

The issue here is that any HTML page can specify the location of the Gator installation file. The installation file is downloaded, and then it is checked for the filename. If the filename is setup.ex_, it is then decompressed and executed. If the file is not compressed it will still execute it. Of course using this method, a malicious user can easily create an HTML page that makes use of the rogue ActiveX component to point at a Trojan file.


I refuse to show the link to where I got this information publicly as it shows the details of the exploit. Contact me if you want more information.
 

Qumahlin

OSNN Veteran Addict
#2
Has anyone here actually USED gator for anything useful? alot of anti-virus companies now classify it as a trojan...which is basically all it is anyway, just more spyware they people unknowingly install.
 

Perris Calderon

Administrator
Staff member
Political User
#3
I don't think anyone that knows enough to post on an information forum would have anything to do with gator, so you're asking in the wrong place
 
D

dickow

Guest
#4
I like Gator

What's the big deal? Gator is a very handy utility on my setups, and I've been using it for quite a while. It saves me lots of trouble, and no headaches, no ads, etc. Does just what I want it to do.

Bob
 
D

dickow

Guest
#7
Gator

I've done a little research. Gator no longer installs the evil install file, it was from eons ago, and few people probably have it.

The alledged 'spyware' features of Gator do not seem to actually exist. Nor does it 'pop up' ads, and if it does, my firewall/AdSubtract combo kills all pop up ads anyway without having to set up any barred IPs or anything like that.

So...in the end, I'm quite happy with Gator.

Bob
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,970
Messages
673,298
Members
89,016
Latest member
Poseeut