Full Disclosure mailing list archives

Re: Can CERT VU#786920 be right?

From: "CERT(R) Coordination Center" <cert () cert org>
Date: Wed, 18 Jul 2007 10:43:39 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Paul,

CERT Coordination Center <cert () cert org> writes:

I sent the following to CERT (a few hours ago, no reply yet):

In http://www.kb.cert.org/vuls/id/786920 you wrote:

Disabling the AIM protocol handler will mitigate this vulnerability.

To unregister the protocol handlers, delete or rename the following
registry keys:
HKEY_CLASSES_ROOT\AOL

I believe that renaming that key does NOT unregister the handler.
Windows looks for registry values of "URL Protocol" (almost?) anywhere
within the registry, not just (directly) under HKCR. And anyway, how
would renaming AOL to XYZ affect the AIM handler...


Now I wonder if they can in fact be right... please enlighten me.


Thanks for the good feedback, we did some more testing and updated VU#786920:

<http://www.kb.cert.org/vuls/id/786920>

Thanks,

Ryan Giobbi
Vulnerability Analyst
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBRp4pbdQ7jfmvPJrEAQIHYgf/QfaKNH89qGCsyFclNBE7cKScTtI2Y4hT
+h/7waUBvGJyufgLFMmBZFqxKDx2vuGyuxGKlRwCYmlvQ1O1LeFq+zRRz5LIW17n
p1p2ExPp/48/GY29RQzER9nBF5BjY5eyN2hhcjvwX7jXiiP6sQ7Z3Nd7dTkSqYCs
hbggwDpKyF9Fvww/XbpSjPLf/4SRgndtuu5Ge/4++iAmLR6NhXlRUxziICkaj8EW
7CaTTZr2T57NCsrCi3UOiLiZHH2EGNq+AAioWpYgDZP+cBG5r6O8V1pDH9dLFFyv
q4D2ko280B/T8Y4KT0sj49Mctbn2P6/x+nY7Hek8lAeldZ7OsvhWXQ==
=jcbC
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Can CERT VU#786920 be right? Paul Szabo (Jul 18)
- Re: Can CERT VU#786920 be right? Steven Adair (Jul 18)
- <Possible follow-ups>
- Re: Can CERT VU#786920 be right? CERT(R) Coordination Center (Jul 18)