Message-ID: <20031219200450.C75AB97B44@cpo.tn.tudelft.nl>
From: emvs.fd.3FB4D11C at cpo.tn.tudelft.nl (Erik van Straten)
Subject: Openware.org IE Fix - Warning

On Fri, 19 Dec 2003 14:35:43 +0000 petard wrote:
[snip]
> Summary: Not only is there a stupid, possibly exploitable, buffer
> overflow here, but the place I'm seeing it is in a section of the code
> whose main purpose appears to be submitting information about what you
> browse back to the code's authors. I'd say this is malicious... the user
> is certainly not warned of this prior to downloading the patch. Since I
> never executed it, I have no idea of whether or not they are warned by
> an installer. Call it a trojan, call it spyware, but don't execute it.

I played with it yesterday. It also installs "LiveUpdate" which runs
when you log on to your PC. If you uninstall IEXPatch.exe, LiveUpdate
remains. The *.url files in the LIVEUPDATE dir point to:

http://liveupdate.openwares.org/index.html
http://liveupdate.openwares.org/Manual.htm
http://liveupdate.openwares.org/EULA.htm

Added to C:\Program Files\
12/18/03  02:55p        <DIR>          LIVEUPDATE
12/18/03  02:55p        <DIR>          Openwares IE Security Patch

Added to C:\Program Files\LIVEUPDATE\
12/18/03  02:55p        <DIR>          Bin
12/13/03  06:17p                61,440 LiveUpdate.exe
11/06/03  01:36p                61,440 Uninstall.exe
12/08/03  02:22a               143,360 Remind.ocx
12/15/03  05:27p                    66 About.url
12/15/03  05:27p                    64 EULA.url
12/15/03  05:27p                    66 Manual.url

Added to C:\Program Files\LIVEUPDATE\Bin\
[empty]

Added to C:\Program Files\Openwares IE Security Patch\
12/15/03  05:10p                53,248 OpenwaresIEPatch.dll
12/18/03  02:55p                51,520 Uninstall.exe

Cheers,
Erik

