Vulnwatch mailing list archives
Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 10 Oct 2007 21:15:57 +1300
iDefense Labs wrote: <<...>>
V. WORKAROUND Deleting the all sub-keys of the following registry keys will remove the 'news' and 'snews' protocol handlers: HKEY_CLASSES_ROOT\news\shell HKEY_CLASSES_ROOT\snews\shell
If you want to do a thorough job of such mitigation as a Q&D fix, you may also need to nuke the HKEY_CLASSES_ROOT\nntp\shell entry. I can't easily test the viability of exploiting this via an nntp:// URI just now, but "nntp" is normally registered (at least with OE -- can someone check for Windows Mail?) with exactly the same sub-keys and values as the "news" and "snews" URI handlers... Regards, Nick FitzGerald
Current thread:
- iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow iDefense Labs (Oct 12)
- Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow Nick FitzGerald (Oct 12)