• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Gator Insecure ActiveX Control Vulnerability

Gator is a software package for Windows computers designed to automatically populate web based forms.

Gator is installed through an ActiveX control, which downloads and executes an installation program from the Gator web site. This ActiveX control remains installed after the Gator installation is complete.

It has been reported that this ActiveX control may be passed a url to any file named 'setup.ex_', and may be called by arbitrary web pages. A malicous web page may use this control to download and execute arbitrary code on a vulnerable client machine. User interaction is not required.

Earlier versions of Gator may also contain this insecure component.