[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: [Full-Disclosure] Openware.org IE Fix - Warning

To: full-disclosure@lists.netsys.com
Subject: Re[2]: [Full-Disclosure] Openware.org IE Fix - Warning
From: "phased" <phased@mail.ru>
Date: Fri, 19 Dec 2003 23:53:10 +0300

stupid thread

-----Original Message-----
From: "Erik van Straten" <emvs.fd.3FB4D11C@cpo.tn.tudelft.nl>
To: full-disclosure@lists.netsys.com
Date: Fri, 19 Dec 2003 21:04:47 +0100
Subject: Re: [Full-Disclosure] Openware.org IE Fix - Warning

> 
> On Fri, 19 Dec 2003 14:35:43 +0000 petard wrote:
> [snip]
> > Summary: Not only is there a stupid, possibly exploitable, buffer
> > overflow here, but the place I'm seeing it is in a section of the code
> > whose main purpose appears to be submitting information about what you
> > browse back to the code's authors. I'd say this is malicious... the user
> > is certainly not warned of this prior to downloading the patch. Since I
> > never executed it, I have no idea of whether or not they are warned by
> > an installer. Call it a trojan, call it spyware, but don't execute it.
> 
> I played with it yesterday. It also installs "LiveUpdate" which runs 
> when you logon to your PC. If you uninstall IEXPatch.exe, LiveUpdate 
> remains. The *.url files in the LIVEUPDATE dir point to:
> 
> http://liveupdate.openwares.org/index.html
> http://liveupdate.openwares.org/Manual.htm
> http://liveupdate.openwares.org/EULA.htm
> 
> Added to C:\Program Files\
> 12/18/03  02:55p        <DIR>          LIVEUPDATE
> 12/18/03  02:55p        <DIR>          Openwares IE Security Patch
> 
> Added to C:\Program Files\LIVEUPDATE\
> 12/18/03  02:55p        <DIR>          Bin
> 12/13/03  06:17p                61,440 LiveUpdate.exe
> 11/06/03  01:36p                61,440 Uninstall.exe
> 12/08/03  02:22a               143,360 Remind.ocx
> 12/15/03  05:27p                    66 About.url
> 12/15/03  05:27p                    64 EULA.url
> 12/15/03  05:27p                    66 Manual.url
> 
> Added to C:\Program Files\LIVEUPDATE\Bin\
> [empty]
> 
> Added to C:\Program Files\Openwares IE Security Patch\
> 12/15/03  05:10p                53,248 OpenwaresIEPatch.dll
> 12/18/03  02:55p                51,520 Uninstall.exe
> 
> Cheers,
> Erik
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Openware.org IE Fix - Warning
  - From: "Erik van Straten" <emvs.fd.3FB4D11C@cpo.tn.tudelft.nl>

Prev by Date: Re: [Full-Disclosure] Openware.org IE Fix - Warning
Next by Date: Re: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control Server Overflow Exploit
Previous by thread: Re: [Full-Disclosure] Openware.org IE Fix - Warning
Next by thread: [Full-Disclosure] MDKSA-2003:118 - Updated XFree86 packages fix xdm vulnerability
Index(es):
- Date
- Thread