Re: Re[2]: A possible "new ?" DOS exploit with IE

[donge912 <donge912 () planet nl>]

Strange higlighting a cell with e-mail-address in it and clicking to edit it
in excell 2000 just brings me one instance of outook express new msg, no IE
at all....How was your set-up?

Willem van Dongen



----- Original Message ----- 
From: "Danny Messano" <danny () logicalcomputing net>
To: "Claude Petit" <petc () videotron ca>
Cc: <security-basics () securityfocus com>
Sent: Thursday, July 15, 2004 2:38 AM
Subject: Re[2]: A possible "new ?" DOS exploit with IE


> In this case, "The Bat!"
>
> It's particularly fun with Office.  When I am working on Excel
spreadsheets with e-mail addresses in them, highlight a cell with an address
in it, then click again to edit, it opens the hyperlink and gives me the
screens and screens of IE popups.
> The number of IE popups in my experience is NOT infinite.  It is large,
but definitely finite.  I'd guess on the order of maybe 60 or so.   On a
slow machine, its nearly impossible to get to task manager and kill
IEXPLORE.  I usually have to just reset the box.  On a fast machine, I just
kill IE and go on living.
> Danny Messano
>
> Wednesday, July 14, 2004, 9:16:38 PM, you wrote:
>
> CP> What was this client ?
>
> CP> -----Message d'origine-----
> CP> De : Danny Messano [mailto:danny () logicalcomputing net]
> CP> Envoye : July 14, 2004 17:49
> CP> A : Claude Petit
> CP> Cc : security-basics () securityfocus com;
> CP>
security-basics-return-29248-danny=logicalcomputing.net () securityfocus co
> CP> m
> CP> Objet : Re: A possible "new ?" DOS exploit with IE
>
>
> CP> I noticed it if you install outlook, then install another client and
make it
> CP> the default, and click a mailto, it does the same thing.
>
> CP> I havent actually checked the registry to see what keys are missing or
> CP> changed.
>
> CP> Danny Messano
>
> CP> Tuesday, July 13, 2004, 7:27:05 PM, you wrote:
>
> CP>> Hi,
>
> CP>> I'm new in security. By tuning my windows 2000 system to remove all
> CP>> undesired and "dangerous" url protocol handlers (like telnet:), I
> CP> discovered
> CP>> a strange behavior with IE. To begin, I have Windows 2000 Pro SP4 +
> CP> actual
> CP>> hotfixes and IE SP1 + actual hotfixes installed. What I did that
caused
> CP> the
> CP>> problem is to remove the value named "URL Protocol" in the registry
key
> CP>> "HKEY_CLASSES_ROOT\mailto". I did it to prevent malicious html pages
to
> CP>> launches many new email message windows with the use of image tags
> CP> (<IMG>)
> CP>> or something else. After I removed this value, I ran "mailto:"; from
> Start->>>Run. Nothing was happening, but after some seconds, multiple IE
> CP>> windows were launched in an infinite loop. I don't think it's
> CP> exploitable
> CP>> unless the destination system have this value removed from the
registry,
> CP> but
> CP>> I'm not sure.
>
>
>
> CP>> Claude Petit
CP>> -----------------------------------------------------------------------
-
> CP> ---
> CP>> Ethical Hacking at the InfoSec Institute. Mention this ad and get
$545
> CP> off
> CP>> any course! All of our class sizes are guaranteed to be 10 students
or
> CP> less
> CP>> to facilitate one-on-one interaction with one of our expert
instructors.
> CP>> Attend a course taught by an expert instructor with years of
> CP> in-the-field
> CP>> pen testing experience in our state of the art hacking lab. Master
the
> CP> skills
> CP>> of an Ethical Hacker to better assess the security of your
organization.
> CP>> Visit us at:
> CP>> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
CP>> -----------------------------------------------------------------------
-
> CP> ----
>
>
>
>
> CP> --
>
> CP> Best regards,
>
> CP> Danny Messano
> CP> Owner
> CP> Logical Computing
> CP> http://www.logicalcomputing.net
>
>
>
>
>
>
> -- 
>
> Best regards,
>
> Danny Messano
> Owner
> Logical Computing
> http://www.logicalcomputing.net
>
>
>
>
> --------------------------------------------------------------------------
-
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------