Full Disclosure mailing list archives
Re: Can CERT VU#786920 be right?
From: "CERT(R) Coordination Center" <cert () cert org>
Date: Wed, 18 Jul 2007 10:43:39 -0400
Hello Paul,

CERT Coordination Center <cert () cert org> writes:
> I sent the following to CERT (a few hours ago, no reply yet):
>
> > In http://www.kb.cert.org/vuls/id/786920 you wrote:
> >
> > > Disabling the AIM protocol handler will mitigate this vulnerability.
> > > To unregister the protocol handlers, delete or rename the following
> > > registry keys:
> > > HKEY_CLASSES_ROOT\AOL
> >
> > I believe that renaming that key does NOT unregister the handler.
> > Windows looks for registry values of "URL Protocol" (almost?) anywhere
> > within the registry, not just (directly) under HKCR. And anyway, how
> > would renaming AOL to XYZ affect the AIM handler...
>
> Now I wonder if they can in fact be right... please enlighten me.
Thanks for the good feedback, we did some more testing and updated VU#786920:

<http://www.kb.cert.org/vuls/id/786920>

Thanks,
Ryan Giobbi
Vulnerability Analyst

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
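One way to check whether a protocol handler is still registered after a registry change like the one discussed in this thread, given as an added example that is not part of the original messages or of the CERT note. The function name `Get-UrlProtocolHandler` is hypothetical and the scheme name `aim` in the last line is an assumption; the thread itself names only `HKEY_CLASSES_ROOT\AOL`.

```powershell
# Added example (not from the thread): list URL protocol handlers that are
# registered as direct subkeys of HKEY_CLASSES_ROOT. A scheme counts as
# registered when its key carries a value named "URL Protocol".
function Get-UrlProtocolHandler {
    param([string]$Scheme = '*')   # wildcard pattern for the scheme name

    $root = [Microsoft.Win32.Registry]::ClassesRoot
    foreach ($name in $root.GetSubKeyNames()) {
        if ($name -notlike $Scheme) { continue }
        try {
            $key = $root.OpenSubKey($name)
        } catch {
            continue               # key not readable with current rights
        }
        if ($null -eq $key) { continue }
        try {
            if ($key.GetValueNames() -notcontains 'URL Protocol') { continue }
            # The launch command is the default value of shell\open\command.
            $cmdKey = $key.OpenSubKey('shell\open\command')
            $command = $null
            if ($null -ne $cmdKey) {
                $command = $cmdKey.GetValue('')
                $cmdKey.Close()
            }
            [pscustomobject]@{
                Scheme  = $name
                Key     = "HKEY_CLASSES_ROOT\$name"
                Command = $command
            }
        } finally {
            $key.Close()
        }
    }
}

# Every registered scheme, for a before/after comparison around the change:
Get-UrlProtocolHandler | Sort-Object Scheme | Format-Table -AutoSize

# One scheme; 'aim' is an assumed name. No output means no such handler
# is registered as a direct subkey of HKCR.
Get-UrlProtocolHandler -Scheme 'aim'
```

Running the listing before and after deleting or renaming a key shows directly whether that change removed any handler, since a handler whose key still carries "URL Protocol" stays in the output.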
Current thread:
- Can CERT VU#786920 be right? Paul Szabo (Jul 18)
- Re: Can CERT VU#786920 be right? Steven Adair (Jul 18)
- <Possible follow-ups>
- Re: Can CERT VU#786920 be right? CERT(R) Coordination Center (Jul 18)