[VulnWatch] Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow
- From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 10 Oct 2007 21:15:57 +1300
iDefense Labs wrote:
<<...>>
V. WORKAROUND
Deleting the all sub-keys of the following registry keys will remove the
'news' and 'snews' protocol handlers:
HKEY_CLASSES_ROOT\news\shell
HKEY_CLASSES_ROOT\snews\shell
If you want to do a thorough job of such mitigation as a Q&D fix, you
may also need to nuke the
HKEY_CLASSES_ROOT\nntp\shell
entry.
I can't easily test the viability of exploiting this via an nntp:// URI
just now, but "nntp" is normally registered (at least with OE -- can
someone check for Windows Mail?) with exactly the same sub-keys and
values as the "news" and "snews" URI handlers...
Regards,
Nick FitzGerald
- References:
- Prev by Date: [VulnWatch] iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow
- Next by Date: [VulnWatch] Cisco Security Advisory: Cisco Wireless Control System Conversion Utility Adds Default Password
- Previous by thread: [VulnWatch] iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow
- Next by thread: [VulnWatch] Cisco Security Advisory: Cisco Wireless Control System Conversion Utility Adds Default Password
- Index(es):
Relevant Pages
|
