Full Disclosure mailing list archives

Re[2]: Openware.org IE Fix - Warning


From: "phased" <phased () mail ru>
Date: Fri, 19 Dec 2003 23:53:10 +0300


stupid thread

-----Original Message-----
From: "Erik van Straten" <emvs.fd.3FB4D11C () cpo tn tudelft nl>
To: full-disclosure () lists netsys com
Date: Fri, 19 Dec 2003 21:04:47 +0100
Subject: Re: [Full-disclosure] Openware.org IE Fix - Warning


On Fri, 19 Dec 2003 14:35:43 +0000 petard wrote:
[snip]
Summary: Not only is there a stupid, possibly exploitable, buffer
overflow here, but the place I'm seeing it is in a section of the code
whose main purpose appears to be submitting information about what you
browse back to the code's authors. I'd say this is malicious... the user
is certainly not warned of this prior to downloading the patch. Since I
never executed it, I have no idea of whether or not they are warned by
an installer. Call it a trojan, call it spyware, but don't execute it.

I played with it yesterday. It also installs "LiveUpdate" which runs
when you log on to your PC. If you uninstall IEXPatch.exe, LiveUpdate
remains. The *.url files in the LIVEUPDATE dir point to:

http://liveupdate.openwares.org/index.html
http://liveupdate.openwares.org/Manual.htm
http://liveupdate.openwares.org/EULA.htm

Added to C:\Program Files\
12/18/03  02:55p        <DIR>          LIVEUPDATE
12/18/03  02:55p        <DIR>          Openwares IE Security Patch

Added to C:\Program Files\LIVEUPDATE\
12/18/03  02:55p        <DIR>          Bin
12/13/03  06:17p                61,440 LiveUpdate.exe
11/06/03  01:36p                61,440 Uninstall.exe
12/08/03  02:22a               143,360 Remind.ocx
12/15/03  05:27p                    66 About.url
12/15/03  05:27p                    64 EULA.url
12/15/03  05:27p                    66 Manual.url

Added to C:\Program Files\LIVEUPDATE\Bin\
[empty]

Added to C:\Program Files\Openwares IE Security Patch\
12/15/03  05:10p                53,248 OpenwaresIEPatch.dll
12/18/03  02:55p                51,520 Uninstall.exe

Cheers,
Erik

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

