Bugtraq mailing list archives
RE: Gator installer Plugin allows any software to be installed
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 22 Feb 2002 11:01:44 -0500
Hi, Good catch! It turns out that I asked Gator 2 years ago about potential security problems in the Gator download system. See the attached message. According to my archives, I never got a reply. Richard M. Smith http://www.ComputerBytesMan.com -----Original Message----- From: Richard M. Smith Sent: Monday, January 17, 2000 5:17 PM To: mark () gator com; tony () gator com; mpennell () YAHOO COM Cc: Richard M. Smith Subject: A few technical questions about the Gator plugin for IE Hi Tony Martin and Mark Pennell, I have a few technical questions about the Gator plugin for Internet Explorer: 1. Are there any security mechanisms built into the Gator ActiveX control to prevent a hacker from using the control on their own Web page to download and execute malicous code? It appears to me from Gator installation page that the location of the Setup Bundle file is settable using the "server" and "rootdir" parameters. 2. What file format does a Setup Bundle file use? 3. How come ever transmission from my computer to the eguard.com server includes a GUID serial number? Example: GET /Cmd/Client_GetSite;wired.com HTTP/1.0 Accept: */* User-Agent: 5D3D6420CCF311D3A67F002078900337 Script-Version: 0.2 Product-Version: 1.1.1.1 Host: scriptserver.eguard.com I assume that this number is unique id number which identifies me. It seems to contain my Ethernet adapter address (002078900337). 4. Is this GUID serial number associated with my registration information? Thanks, Richard
Current thread:
- Gator installer Plugin allows any software to be installed obscure (Feb 22)
- RE: Gator installer Plugin allows any software to be installed Richard M. Smith (Feb 23)