[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Openware.org IE Fix - Warning
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Openware.org IE Fix - Warning
- From: "Erik van Straten" <emvs.fd.3FB4D11C@cpo.tn.tudelft.nl>
- Date: Fri, 19 Dec 2003 21:04:47 +0100
On Fri, 19 Dec 2003 14:35:43 +0000 petard wrote:
[snip]
> Summary: Not only is there a stupid, possibly exploitable, buffer
> overflow here, but the place I'm seeing it is in a section of the code
> whose main purpose appears to be submitting information about what you
> browse back to the code's authors. I'd say this is malicious... the user
> is certainly not warned of this prior to downloading the patch. Since I
> never executed it, I have no idea of whether or not they are warned by
> an installer. Call it a trojan, call it spyware, but don't execute it.
I played with it yesterday. It also installs "LiveUpdate" which runs
when you logon to your PC. If you uninstall IEXPatch.exe, LiveUpdate
remains. The *.url files in the LIVEUPDATE dir point to:
http://liveupdate.openwares.org/index.html
http://liveupdate.openwares.org/Manual.htm
http://liveupdate.openwares.org/EULA.htm
Added to C:\Program Files\
12/18/03 02:55p <DIR> LIVEUPDATE
12/18/03 02:55p <DIR> Openwares IE Security Patch
Added to C:\Program Files\LIVEUPDATE\
12/18/03 02:55p <DIR> Bin
12/13/03 06:17p 61,440 LiveUpdate.exe
11/06/03 01:36p 61,440 Uninstall.exe
12/08/03 02:22a 143,360 Remind.ocx
12/15/03 05:27p 66 About.url
12/15/03 05:27p 64 EULA.url
12/15/03 05:27p 66 Manual.url
Added to C:\Program Files\LIVEUPDATE\Bin\
[empty]
Added to C:\Program Files\Openwares IE Security Patch\
12/15/03 05:10p 53,248 OpenwaresIEPatch.dll
12/18/03 02:55p 51,520 Uninstall.exe
Cheers,
Erik
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html