Bugtraq mailing list archives

Re: Minor IE vulnerability: about: URLs


From: Julian Hall <jules () acris co uk>
Date: Tue, 23 Oct 2001 18:45:15 +0100



Nick FitzGerald wrote:

Users just *may* be able to control handling of "about:" URLs (at
least insofar as breaking them completely counts as "controlling
them"  8-) ).  There is a registry key:

   HKCR\PROTOCOLS\Handler\about

which in the fairly default install of IE 5.5 on this machine holds
two values -- an empty default value and a CLSID string value set to
{3050F406-98B5-11CF-BB82-00AA00BDCE0B}.  In HKCR\CLSID that CLSID is
described as "Microsoft HTML About Pluggable Protocol" and (not
surprisingly) an InProcServer of "%SystemRoot%\System32\mshtml.dll".

I imagine you could munge either the InProcServer value of the CLSID
to break all references to the about: protocol called through a CLSID
reference or just munge the CLSID value in the Protocol\about key to
break calls to the about: protocol via the approved mechanisms for
protocol handling.

Another approach would be to write your own version of the about: protocol
module, and point the server to your implementation DLL.
Non-vendor-approved patch, anyone? :-)
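The thread describes the registry chain that decides what handles an "about:" URL (HKCR\PROTOCOLS\Handler\<scheme> -> CLSID value -> HKCR\CLSID\{...}\InprocServer32). The script below is an added audit example, not code from either poster: it walks every pluggable protocol handler registered under that key, resolves each CLSID to its in-process server DLL, and flags the about: handler if its CLSID or DLL no longer matches the baseline the message reports for IE 5.5. The baseline CLSID is taken from the message; the function name, the status labels and the "DLL must live under System32" heuristic are my own assumptions and should be adjusted to the build being audited.

```powershell
# Added audit example (not from the original thread): enumerate IE pluggable
# protocol handlers and resolve each CLSID to its in-process server DLL, so an
# administrator can notice a handler whose CLSID or DLL has been repointed
# or removed, the change the thread describes.

# HKCR is not a default PowerShell drive; map it once.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# Baseline for the about: handler as reported in the message (IE 5.5).
# Assumption: extend this table with the CLSIDs you expect on your own build.
$Baseline = @{
    'about' = '{3050F406-98B5-11CF-BB82-00AA00BDCE0B}'
}

function Get-ProtocolHandlerAudit {
    Get-ChildItem 'HKCR:\PROTOCOLS\Handler' -ErrorAction SilentlyContinue | ForEach-Object {
        $scheme = $_.PSChildName
        $clsid  = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).CLSID
        $desc   = $null
        $server = $null
        if ($clsid) {
            $clsidKey = "HKCR:\CLSID\$clsid"
            $desc   = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
            $server = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        }
        # The server path is usually stored with %SystemRoot%; expand it before testing.
        $expanded = if ($server) { [Environment]::ExpandEnvironmentVariables($server) } else { $null }

        $status = 'no-baseline'
        if ($Baseline.ContainsKey($scheme)) {
            if (-not $clsid)                                             { $status = 'MISSING-CLSID' }
            elseif ($clsid -ne $Baseline[$scheme])                       { $status = 'CLSID-CHANGED' }
            elseif (-not $expanded -or -not (Test-Path $expanded))       { $status = 'SERVER-DLL-MISSING' }
            elseif (-not ($expanded -like "$env:SystemRoot\System32\*")) { $status = 'SERVER-OUTSIDE-SYSTEM32' }
            else                                                         { $status = 'ok' }
        }

        [pscustomobject]@{
            Scheme      = $scheme
            CLSID       = $clsid
            Description = $desc
            Server      = $expanded
            Status      = $status
        }
    }
}

Get-ProtocolHandlerAudit | Format-Table -AutoSize
```

Run it from an elevated prompt on the machine being checked; any handler in the baseline table that does not report "ok" is worth comparing against a known-good system, and "no-baseline" rows are simply handlers the table does not yet cover.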
