Full Disclosure mailing list archives
Re: iDefense Security Advisory 10.09.07:Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow
From: gjgowey () tmo blackberry net
Date: Wed, 10 Oct 2007 08:37:33 +0000
If you want to do one better make sure to run ccleaner after deleting any registry key to nuke any registry keys that may have been relying on it. Run ccleaner 2-3 times and you'll save yourself from a world of hurt. Geoff Sent from my BlackBerry wireless handheld. -----Original Message----- From: Nick FitzGerald <nick () virus-l demon co uk> Date: Wed, 10 Oct 2007 21:15:57 To:vulnwatch () vulnwatch org, full-disclosure () lists grok org uk,bugtraq () securityfocus com Subject: Re: [Full-disclosure] iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow iDefense Labs wrote: <<...>>
V. WORKAROUND Deleting the all sub-keys of the following registry keys will remove the 'news' and 'snews' protocol handlers: HKEY_CLASSES_ROOT\news\shell HKEY_CLASSES_ROOT\snews\shell
If you want to do a thorough job of such mitigation as a Q&D fix, you may also need to nuke the HKEY_CLASSES_ROOT\nntp\shell entry. I can't easily test the viability of exploiting this via an nntp:// URI just now, but "nntp" is normally registered (at least with OE -- can someone check for Windows Mail?) with exactly the same sub-keys and values as the "news" and "snews" URI handlers... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow iDefense Labs (Oct 09)
- Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow Nick FitzGerald (Oct 10)
- Re: iDefense Security Advisory 10.09.07:Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow gjgowey (Oct 10)
- Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow Nick FitzGerald (Oct 10)