Full Disclosure mailing list archives
Re: Openware.org IE Fix - Warning
From: "Erik van Straten" <emvs.fd.3FB4D11C () cpo tn tudelft nl>
Date: Fri, 19 Dec 2003 21:04:47 +0100
On Fri, 19 Dec 2003 14:35:43 +0000 petard wrote: [snip]
Summary: Not only is there a stupid, possibly exploitable, buffer overflow here, but the place I'm seeing it is in a section of the code whose main purpose appears to be submitting information about what you browse back to the code's authors. I'd say this is malicious... the user is certainly not warned of this prior to downloading the patch. Since I never executed it, I have no idea of whether or not they are warned by an installer. Call it a trojan, call it spyware, but don't execute it.
I played with it yesterday. It also installs "LiveUpdate" which runs when you logon to your PC. If you uninstall IEXPatch.exe, LiveUpdate remains. The *.url files in the LIVEUPDATE dir point to: http://liveupdate.openwares.org/index.html http://liveupdate.openwares.org/Manual.htm http://liveupdate.openwares.org/EULA.htm Added to C:\Program Files\ 12/18/03 02:55p <DIR> LIVEUPDATE 12/18/03 02:55p <DIR> Openwares IE Security Patch Added to C:\Program Files\LIVEUPDATE\ 12/18/03 02:55p <DIR> Bin 12/13/03 06:17p 61,440 LiveUpdate.exe 11/06/03 01:36p 61,440 Uninstall.exe 12/08/03 02:22a 143,360 Remind.ocx 12/15/03 05:27p 66 About.url 12/15/03 05:27p 64 EULA.url 12/15/03 05:27p 66 Manual.url Added to C:\Program Files\LIVEUPDATE\Bin\ [empty] Added to C:\Program Files\Openwares IE Security Patch\ 12/15/03 05:10p 53,248 OpenwaresIEPatch.dll 12/18/03 02:55p 51,520 Uninstall.exe Cheers, Erik _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Openware.org IE Fix - Warning Thierry (Dec 19)
- Re: Openware.org IE Fix - Warning petard (Dec 19)
- Re: Openware.org IE Fix - Warning Erik van Straten (Dec 19)
- Re[2]: Openware.org IE Fix - Warning phased (Dec 19)
- Re: Openware.org IE Fix - Warning Erik van Straten (Dec 19)
- <Possible follow-ups>
- Re: Openware.org IE Fix - Warning Aaron Horst (Dec 19)
- Re: Openware.org IE Fix - Warning petard (Dec 19)