Re: [Full-Disclosure] Question about the new Xupiter toolbar

From: Brian McWilliams (brian@pc-radio.com)
Date: 01/30/03

  • Next message: yossarian: "[Full-Disclosure] Was: Full Disclosure = Exploit Release - No disclosure No Fix"
    To: "Richard M. Smith" <rms@computerbytesman.com>, <full-disclosure@lists.netsys.com>
    From: Brian McWilliams <brian@pc-radio.com>
    Date: Thu, 30 Jan 2003 16:39:29 -0500
    

    At 12:40 PM 1/30/2003, Richard M. Smith wrote:
    >Hi,
    >
    >Has anyone looked into this new Xupiter toolbar to see how it is being
    >installed on people's computer? In particular is it using some IE
    >security hole for the install or does it just use the standard ActiveX
    >drive-by download mechanism?

    Richard, try it yourself? Go to

    http://www.xupiter.com/search2/install/install.html

    Even with IE set to the "default" (medium) security setting for the
    Internet zone, you should get a pop-up prompting whether you want to
    install Xupiter.

    Hardly a "driveby" download. Maybe there are other instances of the ActiveX
    out there that work differently. But I'm told that IE by default prompts
    before installing signed ActiveX.

    In other words, you have to *lower* Microsoft's default security settings
    (seldom a good idea) to get a drive-by install.

    Brian

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html



    Relevant Pages

    • RE: Video Playback Freezes / Choppy MCE 2005
      ... Richard A Miller MCE mvp ... I am now on my second clean install of WinXPMCE, ... When I play the recorded TV in Win Media player however, ...
      (microsoft.public.windows.mediacenter)
    • Re: CtHelper.exe CPU=99%
      ... Richard in Va. ... to 2 websites, msn.com and windows update. ... Reinstalled the audio card and the driver from the Gateway provided ... Did not install all the other goodies... ...
      (microsoft.public.windowsxp.general)
    • Re: Security Update KB971486 is trying to install over and over
      ... richard wrote: ... Even now, about six hours later, I still have a notification in my taskbar that I have an Update ready to install and it is still the same one I have already installed twice today. ... I tried submitting this same question to the Microsoft Windows XP forum this morning but when checking the site about 30 minutes ago I discovered my question hadn't even been posted and I noticed there were no other posts for today either which is strange in itself. ...
      (microsoft.public.windowsupdate)
    • Re: Import favorites after upgrade to XP
      ... Install, UPDATE and run. ... The only favorites I can see are> those in a very, ... > After the upgrade, by trail and error, I did get the> favorites into IE, but after shutdown they were gone. ... When I> upgraded, Richard became the administrator. ...
      (microsoft.public.windows.inetexplorer.ie6.setup)
    • Re: Lucy Re: Windows ME and updates KB 828026 and 819696
      ... "Richard" wrote in message ... > to install saying that if DX v9b was installed then ignore the ... > Lucy ... >> Web site ...
      (microsoft.public.windowsupdate)