[WEB SECURITY] windows IE plugin update - threat
sammyciscoindia at yahoo.com
Fri May 27 01:47:56 EDT 2005
I have a doubt regarding the software updating mechanism of a piece of software (an IE plugin) that I was auditing recently.
This software has a /latest.cab located on a web server.
The DLL of the plugin creates a Windows registry entry which sets the CODEBASE value as
Whenever any user is connected to the net, it checks the MD5 checksum; if that has changed, the updates are taken care of.
From a security point of view, is that a flaw, or is it something that every vendor does in order to get updates?
From where I can see, code can be written to change this URL to www.hackerssite.com/malacious/dowhatever, and just because your system trusts the program that you have installed, it does what it wants.
I understand that it is a combination of a system and an application vulnerability, where the system is Windows and the application is the plugin that the user has installed.
Is there a better way to program this product/application to get its updates, or is it better left as it is?
Any thoughts are welcome ;-)