Bugtraq mailing list archives
Registry Fix For Variant of Scob
From: "Drew Copley" <dcopley () eEye com>
Date: Fri, 2 Jul 2004 14:32:56 -0700
About the same time Jelmer found the adodb bug, http-equiv found a similiar issue with the object "Shell.Application". This issue has also been unfixed for the past ten months. Unfortunately, Microsoft has not taken the "hint" and not fixed this issue either. Jelmer has noted this and made a proof of concept exploit page here: http://62.131.86.111/security/idiots/malware2k/installer.htm The below registry file will protect you from this exploit by kill biting "Shell.Application" variant. <-------------------------------------------> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13709620-C279-11CE-A49E-444553540000}] "Compatibility Flags"=dword:00000400 <--------------------------------------------> I will be updating our free fix download here: http://www.eeye.com/html/research/alerts/AL20040610.html This will break some hta scripts that might be used for management. It may cause some incompatibility issues with some programs. Shell.Application is commonly used by administrators for administration of systems via Visual basic script or WSH. It may have other uses. It is kind of Microsoft's answer to shell script -- though not as happy as batch.
Current thread:
- Registry Fix For Variant of Scob Drew Copley (Jul 03)
- <Possible follow-ups>
- RE: Registry Fix For Variant of Scob Thor Larholm (Jul 05)
- RE: Registry Fix For Variant of Scob Jelmer (Jul 06)
- RE: Registry Fix For Variant of Scob Drew Copley (Jul 06)
- Re: Registry Fix For Variant of Scob http-equiv () excite com (Jul 06)