Re[2]: A possible "new ?" DOS exploit with IE

From: Danny Messano (danny_at_logicalcomputing.net)
Date: 07/15/04

  • Next message: Kenny: "Re: Any reason not to use strcpy, strcat or scanf?"
    Date: Wed, 14 Jul 2004 20:38:15 -0400
    To: Claude Petit <petc@videotron.ca>
    
    

    In this case, "The Bat!"

    It's particularly fun with Office. When I am working on Excel spreadsheets with e-mail addresses in them, highlight a cell with an address in it, then click again to edit, it opens the hyperlink and gives me the screens and screens of IE popups.

    The number of IE popups in my experience is NOT infinite. It is large, but definitely finite. I'd guess on the order of maybe 60 or so. On a slow machine, it's nearly impossible to get to task manager and kill IEXPLORE. I usually have to just reset the box. On a fast machine, I just kill IE and go on living.

    Danny Messano

    Wednesday, July 14, 2004, 9:16:38 PM, you wrote:

    CP> What was this client ?

    CP> -----Original Message-----
    CP> From : Danny Messano [mailto:danny@logicalcomputing.net]
    CP> Sent : July 14, 2004 17:49
    CP> To : Claude Petit
    CP> Cc : security-basics@securityfocus.com;
    CP> security-basics-return-29248-danny=logicalcomputing.net@securityfocus.com
    CP> Subject : Re: A possible "new ?" DOS exploit with IE

    CP> I noticed it if you install Outlook, then install another client and make it
    CP> the default, and click a mailto, it does the same thing.

    CP> I haven't actually checked the registry to see what keys are missing or
    CP> changed.

    CP> Danny Messano

    CP> Tuesday, July 13, 2004, 7:27:05 PM, you wrote:

    CP>> Hi,

    CP>> I'm new in security. By tuning my Windows 2000 system to remove all
    CP>> undesired and "dangerous" URL protocol handlers (like telnet:), I discovered
    CP>> a strange behavior with IE. To begin, I have Windows 2000 Pro SP4 + actual
    CP>> hotfixes and IE SP1 + actual hotfixes installed. What I did that caused the
    CP>> problem is to remove the value named "URL Protocol" in the registry key
    CP>> "HKEY_CLASSES_ROOT\mailto". I did it to prevent malicious HTML pages from
    CP>> launching many new email message windows with the use of image tags (<IMG>)
    CP>> or something else. After I removed this value, I ran "mailto:" from
    CP>> Start->Run. Nothing was happening, but after some seconds, multiple IE
    CP>> windows were launched in an infinite loop. I don't think it's exploitable
    CP>> unless the destination system has this value removed from the registry, but
    CP>> I'm not sure.

    CP>> Claude Petit

    CP> --

    CP> Best regards,

    CP> Danny Messano
    CP> Owner
    CP> Logical Computing
    CP> http://www.logicalcomputing.net

    -- 
    Best regards,
    Danny Messano
    Owner
    Logical Computing
    http://www.logicalcomputing.net
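
An added example, not part of the original messages: a read-only PowerShell check that reports, for each scheme, whether the HKEY_CLASSES_ROOT\<scheme> key, its "URL Protocol" value and its open command are present, so a handler left in the half-removed state described in the thread shows up in an audit. The function name Get-UrlProtocolState and the scheme list are illustrative assumptions.

```powershell
# Added example: audit URL protocol handler registrations.
# Read-only; nothing in the registry is modified.

# Schemes to review (assumption: the two named in the thread).
$schemes = 'mailto', 'telnet'

function Get-UrlProtocolState {
    param([Parameter(Mandatory)][string]$Scheme)

    $keyPath = "Registry::HKEY_CLASSES_ROOT\$Scheme"
    $cmdPath = "$keyPath\shell\open\command"

    $keyExists = Test-Path -LiteralPath $keyPath
    $hasMarker = $false
    $command   = $null

    if ($keyExists) {
        # The value normally holds an empty string, so test for the
        # value *name* rather than for its data.
        $key = Get-Item -LiteralPath $keyPath
        $hasMarker = $key.GetValueNames() -contains 'URL Protocol'
    }
    if (Test-Path -LiteralPath $cmdPath) {
        # GetValue('') reads the key's default (unnamed) value.
        $command = (Get-Item -LiteralPath $cmdPath).GetValue('')
    }

    if (-not $keyExists) {
        $state = 'not registered'
    } elseif ($hasMarker -and $command) {
        $state = 'registered handler'
    } elseif ($hasMarker) {
        $state = 'marker present, no open command'
    } elseif ($command) {
        # The state described in the thread: value removed, key left behind.
        $state = 'half-removed: open command left, "URL Protocol" gone'
    } else {
        $state = 'key present, not a handler'
    }

    [pscustomobject]@{
        Scheme  = $Scheme
        State   = $state
        Command = $command
    }
}

$schemes | ForEach-Object { Get-UrlProtocolState -Scheme $_ } | Format-List
```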