SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Gator Vendors:   Gator Corporation
(Vendor Issues Fix) Re: Gator Plugin for Microsoft Internet Explorer Lets Remote Users Install Arbitrary Software on the User's Host
SecurityTracker Alert ID:  1003656
SecurityTracker URL:  http://securitytracker.com/id/1003656
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 25 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.6.1
Description:   Eye on Security reported a vulnerability in the Gator plugin for Internet Explorer. Remote users can install software on the user's host and gain access to the host.

It is reported that a vulnerability exists in the plugin that installs the Gator software. A remote HTML page can apparently specify the location of the Gator installation file. After the installation file is downloaded, the file is executed.

A remote user could create an HTML page which to make use of the Gator ActiveX installation component to point at a trojan file and cause that file to be installed on the user's host.

A demonstration exploit is provided in the Source Message. The exploit installs 'tini.exe', a trojan that listens for connections on port 7777. Information about this trojan is available at:

http://www.ntsecurity.nu/toolbox/tini/

The demonstration exploit example is available at

http://eyeonsecurity.net/advisories/gatorexploit

Impact:   A remote user can create an HTML page that, when loaded by another target user, will cause arbitrary code to be installed on the target user's computer.
Solution:   The vendor has released a security update, available at:

http://www.gator.com/update/

Vendor URL:  www.gator.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Feb 20 2002 Gator Plugin for Microsoft Internet Explorer Lets Remote Users Install Arbitrary Software on the User's Host



 Source Message Contents

Subject:  Gator update


Gator has released a security update.

-------------------------------------
See the vendor's web site:

  http://www.gator.com/update/

-------------------------------------

To ensure that your computer has the highest level of security, download
the Gator update patch:

1.Please click the DOWNLOAD NOW button below.


3.Choose the folder where you wish to save this program. 


5.CLOSE ALL WEB BROWSERS.

6.Go to the folder where you saved the file and double click
GatorSecurityFix.exe. This program will take a couple minutes to run and
will complete your security upgrade.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC