Bugtraq mailing list archives
Re: The money: protocol in Internet Explorer
From: mnemonix () GLOBALNET CO UK (David Litchfield)
Date: Tue, 21 Dec 1999 21:53:32 -0000
- If remote attacks are possible, how can the money: protocol be turned off in Web pages and Email messages, but still have Microsoft Money work properly?
In HKEY_CLASSES_ROOT any immediate subkey (eg HKCR\callto) that has a "URL Protocol" value can be launched from IE. Removing this value disables this feature. To demonstrate: Create an HTML file and add an anchor <A HREF="news://abc">here</A> - save it then open it in IE. Click on "here" and Outlook should open. Close it. Open regedit and navigate to HKCR\news Delete the URL Protocol value in the left hand pane. Click on "here" and an error message should appear. Go back to Regedit and replace the URL Protocol value then go back to IE and click on "here". Outlook express should open as normal again. So as far as disabling the functionality of being able to launch MS Money from IE is concerned remove the URL protocol value from its registry entry. On a side note on some NT systems the "shell" registry key has a URL protocol value and the open command uses explorer. I haven't had the time to research this specific issue but being able to play with explorer.exe remotely (froma web page or e-mail) may have some bad implications (but then again, maybe not). Anyone who cares to look into this issue it would be interesting to hear if you find anything. Cheers, David Litchfield http://www.cerberus-infosec.co.uk
Current thread:
- Re: FTP denial of service attack, (continued)
- Re: FTP denial of service attack Darren Reed (Dec 07)
- Re: FTP denial of service attack Theo de Raadt (Dec 07)
- Re: FTP denial of service attack Darren Reed (Dec 07)
- Re: FTP denial of service attack Gregory A Lundberg (Dec 10)
- RSAREF2 buffer overflow patch Gerardo Richarte (Dec 10)
- Re: new IE5 remote exploit Shane Hird (Dec 07)
- NT WinLogon VM contains plaintext password visible in admin mode Robert Horvick (Dec 07)
- Re: NT WinLogon VM contains plaintext password visible in admin mode Chris Paget (Dec 08)
- [Debian] New version of sendmail released Aleph One (Dec 07)
- The money: protocol in Internet Explorer Richard M. Smith (Dec 20)
- Re: The money: protocol in Internet Explorer David Litchfield (Dec 21)
- Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability Ussr Labs (Dec 20)