I don't think many people here use junk spy ware programs like gator but if you do or know someone who does you might want to read this.

The source
http://www.snpx.com/cgi-bin/news.cgi...y/1006891.html

Gator eWallet Discloses Credit Card Numbers and Passwords to Local Users and Other Information to Remote Users
SecurityTracker Alert ID: 1006891 CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site) Date: May 31 2003
Impact: Disclosure of authentication information, Disclosure of user information
Exploit Included: Yes
Advisory: NovaPPC Security Research Group
Description: Lorenzo Manuel Hernandez Garcia-Hierro of NovaPPC Security reported that the Gator eWallet discloses credit cards and passwords to local users. In addition, the Gator Corporation backup servers disclose some user information to remote users.

It is reported that Gator eWallet stores private information, potentially including credit card numbers and passwords, on the target user's computer without encryption. The software reportedly uses Base64 encoding instead of an encryption algorith.

The following files are used to store Gator eWallet information on the local system:

mepgh.dat
mepcme.dat
meprca.dat
mepcmeft.dat
GMT.exe.manifest
meperr.dat
mepgus.dat
mepoe m.dat
mepsnd-gs.dat
mepsnd-ksa.dat
mepcat.dat
sitehash4.dat

It is also reported that a remote user can retrieve arbitrary user data files from the Gator backup servers.

A demonstration exploit is provided:

GET /scripts/xx/xxY.com.ffz HTTP/1.0
Accept: */*
X-UA: WinInet 6.0.xxxx.1, 1.1, 1.0
If-Modified-Since: Thu, 06 Apr 2000 20:00:06 GMT
User-Agent: Gator/4.1 Script 0
SLRetries: 1
SL-LastServer: xx.gator.com
SL-LastErr: 12152
SL-LastErr: 12152
From: [SPOOFED USER /REQUEST ID]
Script-Version: 0.4
Product-Version: 4.1.2.5
SL-Version: 2
RunMode: 2
Host: xxbackup.gator.com
Connection: open

In the above demonstration, 'xx' is the first two characters of the domain user data file and 'Y' is the remaining characters in the domain. The 'ffz' is the file extension of the script files used by backup server.

[Editor's note: It is not clear exactly what kind of information can be retrieved from the backup servers. We have asked for clarification and will update this alert with any new details.]

Additional information is provided (in Spanish language text) at:

http://security.novappc.com/gator-analisis
Impact: A local user can view private personal information stored in the eWallet.

A remote user can obtain some data files for arbitrary users from the eWallet backup servers (operated by Gator Corporation).
Solution: No solution was available at the time of this entry.
Vendor URL: www.gator.com/about/ (Links to External Site)
Cause: Access control error
Underlying OS: Windows (Any)
Reported By: Lorenzo Hernandez Garcia-Hierro <novappc@novappc.com>
Message History: None
Base64 can be can be converted to decimal form using the windows calculator or antionlines very own "encrypted text program" http://www.antionline.com/tools-and-toys/encrypt-text/
Or by hand if you like doing things the hard way.