Re: iDefense Security Advisory 10.09.07:Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow

[gjgowey () tmo blackberry net]

If you want to do one better make sure to run ccleaner after deleting any registry key to nuke any registry keys that 
may have been relying on it.  Run ccleaner 2-3 times and you'll save yourself from a world of hurt.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Nick FitzGerald <nick () virus-l demon co uk>

Date: Wed, 10 Oct 2007 21:15:57 
To:vulnwatch () vulnwatch org, full-disclosure () lists grok org uk,bugtraq () securityfocus com
Subject: Re: [Full-disclosure] iDefense Security Advisory 10.09.07:
 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow


iDefense Labs wrote:

<<...>>
> V. WORKAROUND
>
> Deleting the all sub-keys of the following registry keys will remove the
> 'news' and 'snews' protocol handlers:
>
>   HKEY_CLASSES_ROOT\news\shell
>   HKEY_CLASSES_ROOT\snews\shell

If you want to do a thorough job of such mitigation as a Q&D fix, you
may also need to nuke the

   HKEY_CLASSES_ROOT\nntp\shell

entry.

I can't easily test the viability of exploiting this via an nntp:// URI
just now, but "nntp" is normally registered (at least with OE -- can
someone check for Windows Mail?) with exactly the same sub-keys and
values as the "news" and "snews" URI handlers...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/