stupid thread -----Original Message----- From: "Erik van Straten" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Fri, 19 Dec 2003 21:04:47 +0100 Subject: Re: [Full-Disclosure] Openware.org IE Fix - Warning
> > On Fri, 19 Dec 2003 14:35:43 +0000 petard wrote: > [snip] > > Summary: Not only is there a stupid, possibly exploitable, buffer > > overflow here, but the place I'm seeing it is in a section of the code > > whose main purpose appears to be submitting information about what you > > browse back to the code's authors. I'd say this is malicious... the user > > is certainly not warned of this prior to downloading the patch. Since I > > never executed it, I have no idea of whether or not they are warned by > > an installer. Call it a trojan, call it spyware, but don't execute it. > > I played with it yesterday. It also installs "LiveUpdate" which runs > when you logon to your PC. If you uninstall IEXPatch.exe, LiveUpdate > remains. The *.url files in the LIVEUPDATE dir point to: > > http://liveupdate.openwares.org/index.html > http://liveupdate.openwares.org/Manual.htm > http://liveupdate.openwares.org/EULA.htm > > Added to C:\Program Files\ > 12/18/03 02:55p <DIR> LIVEUPDATE > 12/18/03 02:55p <DIR> Openwares IE Security Patch > > Added to C:\Program Files\LIVEUPDATE\ > 12/18/03 02:55p <DIR> Bin > 12/13/03 06:17p 61,440 LiveUpdate.exe > 11/06/03 01:36p 61,440 Uninstall.exe > 12/08/03 02:22a 143,360 Remind.ocx > 12/15/03 05:27p 66 About.url > 12/15/03 05:27p 64 EULA.url > 12/15/03 05:27p 66 Manual.url > > Added to C:\Program Files\LIVEUPDATE\Bin\ > [empty] > > Added to C:\Program Files\Openwares IE Security Patch\ > 12/15/03 05:10p 53,248 OpenwaresIEPatch.dll > 12/18/03 02:55p 51,520 Uninstall.exe > > Cheers, > Erik > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
