RE: Gator installer Plugin allows any software to be installed

From: Richard M. Smith (
Date: 02/22/02

From: "Richard M. Smith" <>
To: "'obscure'" <>, <>
Date: Fri, 22 Feb 2002 11:01:44 -0500


Good catch! It turns out that I asked Gator 2 years ago about potential
security problems in the Gator download system. See the attached
message. According to my archives, I never got a reply.

Richard M. Smith

-----Original Message-----
From: Richard M. Smith
Sent: Monday, January 17, 2000 5:17 PM
To:;; mpennell@YAHOO.COM
Cc: Richard M. Smith
Subject: A few technical questions about the Gator plugin for IE

Hi Tony Martin and Mark Pennell,
I have a few technical questions about the Gator plugin for
Internet Explorer:
1. Are there any security mechanisms built into the Gator
ActiveX control to prevent a hacker from using the control
on their own Web page to download and execute malicous
code? It appears to me from Gator installation page that
the location of the Setup Bundle file is settable using the
"server" and "rootdir" parameters.
2. What file format does a Setup Bundle file use?
3. How come ever transmission from my computer to
the server includes a GUID serial number?
GET /Cmd/Client_GetSite; HTTP/1.0
Accept: */*
User-Agent: 5D3D6420CCF311D3A67F002078900337
Script-Version: 0.2
I assume that this number is unique id number which
identifies me. It seems to contain my Ethernet
adapter address (002078900337).
4. Is this GUID serial number associated with my registration