RE: Re[2]: A possible "new ?" DOS exploit with IE

["Samuel Petreski" <petreski () ksu edu>]

I tried doing this on Excel 2003 and all it does it opens a new Outlook
message window. What version of Office are you running?

--Samuel

-----Original Message-----
From: Danny Messano [mailto:danny () logicalcomputing net] 
Sent: Wednesday, July 14, 2004 7:38 PM
To: Claude Petit
Cc: security-basics () securityfocus com
Subject: Re[2]: A possible "new ?" DOS exploit with IE

In this case, "The Bat!"

It's particularly fun with Office.  When I am working on Excel spreadsheets
with e-mail addresses in them, highlight a cell with an address in it, then
click again to edit, it opens the hyperlink and gives me the screens and
screens of IE popups.  

The number of IE popups in my experience is NOT infinite.  It is large, but
definitely finite.  I'd guess on the order of maybe 60 or so.   On a slow
machine, its nearly impossible to get to task manager and kill IEXPLORE.  I
usually have to just reset the box.  On a fast machine, I just kill IE and
go on living.  

Danny Messano

Wednesday, July 14, 2004, 9:16:38 PM, you wrote:

CP> What was this client ?

CP> -----Message d'origine-----
CP> De : Danny Messano [mailto:danny () logicalcomputing net]
CP> Envoye : July 14, 2004 17:49
CP> A : Claude Petit
CP> Cc : security-basics () securityfocus com;
CP> security-basics-return-29248-danny=logicalcomputing.net () securityfocus co
CP> m
CP> Objet : Re: A possible "new ?" DOS exploit with IE


CP> I noticed it if you install outlook, then install another client and
make it
CP> the default, and click a mailto, it does the same thing.

CP> I havent actually checked the registry to see what keys are missing or
CP> changed.

CP> Danny Messano

CP> Tuesday, July 13, 2004, 7:27:05 PM, you wrote:

CP>> Hi,

CP>> I'm new in security. By tuning my windows 2000 system to remove all
CP>> undesired and "dangerous" url protocol handlers (like telnet:), I
CP> discovered
CP>> a strange behavior with IE. To begin, I have Windows 2000 Pro SP4 +
CP> actual
CP>> hotfixes and IE SP1 + actual hotfixes installed. What I did that caused
CP> the
CP>> problem is to remove the value named "URL Protocol" in the registry key
CP>> "HKEY_CLASSES_ROOT\mailto". I did it to prevent malicious html pages to
CP>> launches many new email message windows with the use of image tags
CP> (<IMG>)
CP>> or something else. After I removed this value, I ran "mailto:"; from
Start->>>Run. Nothing was happening, but after some seconds, multiple IE
CP>> windows were launched in an infinite loop. I don't think it's
CP> exploitable
CP>> unless the destination system have this value removed from the
registry,
CP> but
CP>> I'm not sure.



CP>> Claude Petit


CP>>
------------------------------------------------------------------------
CP> ---
CP>> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
CP> off
CP>> any course! All of our class sizes are guaranteed to be 10 students or
CP> less
CP>> to facilitate one-on-one interaction with one of our expert
instructors.
CP>> Attend a course taught by an expert instructor with years of
CP> in-the-field
CP>> pen testing experience in our state of the art hacking lab. Master the
CP> skills
CP>> of an Ethical Hacker to better assess the security of your
organization.
CP>> Visit us at:
CP>> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
CP>>
------------------------------------------------------------------------
CP> ----




CP> --

CP> Best regards,

CP> Danny Messano
CP> Owner
CP> Logical Computing
CP> http://www.logicalcomputing.net






-- 

Best regards,

Danny Messano
Owner
Logical Computing
http://www.logicalcomputing.net




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------