Gator Installer Plugin Allows Any Software to be Installed Remotely

Kr0m

Kr0m

OSNN Veteran Addict
Joined
4 Dec 2001
Messages
1,392
Gator installer plugin for Internet Explorer (GAIN) suffers from a security hole that allows an attacker to install any software without the user's knowledge or need of interaction

Vulnerable systems:
Gator version 3.0.6.1

The issue here is that any HTML page can specify the location of the Gator installation file. The installation file is downloaded, and then it is checked for the filename. If the filename is setup.ex_, it is then decompressed and executed. If the file is not compressed it will still execute it. Of course using this method, a malicious user can easily create an HTML page that makes use of the rogue ActiveX component to point at a Trojan file.


I refuse to show the link to where I got this information publicly as it shows the details of the exploit. Contact me if you want more information.
 
Q

Qumahlin

OSNN Veteran Addict
Joined
6 Dec 2001
Messages
2,006
Has anyone here actually USED gator for anything useful? alot of anti-virus companies now classify it as a trojan...which is basically all it is anyway, just more spyware they people unknowingly install.
 
Perris Calderon

Perris Calderon

dealer
Staff member
Political Access
Joined
24 Jan 2002
Messages
12,391
I don't think anyone that knows enough to post on an information forum would have anything to do with gator, so you're asking in the wrong place
 
D

dickow

Guest
I like Gator

What's the big deal? Gator is a very handy utility on my setups, and I've been using it for quite a while. It saves me lots of trouble, and no headaches, no ads, etc. Does just what I want it to do.

Bob
 
D

dickow

Guest
Gator

I've done a little research. Gator no longer installs the evil install file, it was from eons ago, and few people probably have it.

The alledged 'spyware' features of Gator do not seem to actually exist. Nor does it 'pop up' ads, and if it does, my firewall/AdSubtract combo kills all pop up ads anyway without having to set up any barred IPs or anything like that.

So...in the end, I'm quite happy with Gator.

Bob
 
You must log in or register to reply here.

Members online

No members online now.
Total: 350 (members: 0, guests: 350)

Affiliates

lunarsoft.net techzonez.com

- Contact us to trade links -

OSNN OSNN NTFS XP-erience

Latest profile posts

Xie
Xie Electronic Punk Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. 🙁

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
•••
N
Nismo83
hello peeps... is been some time since i last came here.
•••
Electronic Punk
Electronic Punk Sazar Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
•••
Terrahertz
Terrahertz Electronic Punk Terrahertz wrote on Electronic Punk's profile.
Yo fellas!
•••
Electronic Punk
Electronic Punk Sazar Electronic Punk wrote on Sazar's profile.
Where are you buddy?
•••

Forum statistics

Threads
62,017
Messages
673,508
Members
5,635
Latest member
gosthe
Back