Message-ID: <E1AXRcU-00073v-00.phased-mail-ru@f23.mail.ru>
From: phased at mail.ru ("phased" )
Subject: Openware.org IE Fix - Warning
stupid thread
-----Original Message-----
From: "Erik van Straten" <emvs.fd.3FB4D11C@....tn.tudelft.nl>
To: full-disclosure@...ts.netsys.com
Date: Fri, 19 Dec 2003 21:04:47 +0100
Subject: Re: [Full-Disclosure] Openware.org IE Fix - Warning
>
> On Fri, 19 Dec 2003 14:35:43 +0000 petard wrote:
> [snip]
> > Summary: Not only is there a stupid, possibly exploitable, buffer
> > overflow here, but the place I'm seeing it is in a section of the code
> > whose main purpose appears to be submitting information about what you
> > browse back to the code's authors. I'd say this is malicious... the user
> > is certainly not warned of this prior to downloading the patch. Since I
> > never executed it, I have no idea of whether or not they are warned by
> > an installer. Call it a trojan, call it spyware, but don't execute it.
>
> I played with it yesterday. It also installs "LiveUpdate" which runs
> when you logon to your PC. If you uninstall IEXPatch.exe, LiveUpdate
> remains. The *.url files in the LIVEUPDATE dir point to:
>
> http://liveupdate.openwares.org/index.html
> http://liveupdate.openwares.org/Manual.htm
> http://liveupdate.openwares.org/EULA.htm
>
> Added to C:\Program Files\
> 12/18/03 02:55p <DIR> LIVEUPDATE
> 12/18/03 02:55p <DIR> Openwares IE Security Patch
>
> Added to C:\Program Files\LIVEUPDATE\
> 12/18/03 02:55p <DIR> Bin
> 12/13/03 06:17p 61,440 LiveUpdate.exe
> 11/06/03 01:36p 61,440 Uninstall.exe
> 12/08/03 02:22a 143,360 Remind.ocx
> 12/15/03 05:27p 66 About.url
> 12/15/03 05:27p 64 EULA.url
> 12/15/03 05:27p 66 Manual.url
>
> Added to C:\Program Files\LIVEUPDATE\Bin\
> [empty]
>
> Added to C:\Program Files\Openwares IE Security Patch\
> 12/15/03 05:10p 53,248 OpenwaresIEPatch.dll
> 12/18/03 02:55p 51,520 Uninstall.exe
>
> Cheers,
> Erik
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>