RE: Re[2]: A possible "new ?" DOS exploit with IE

From: Samuel Petreski (petreski_at_ksu.edu)
Date: 07/16/04

    To: "'Danny Messano'" <danny@logicalcomputing.net>, "'Claude Petit'" <petc@videotron.ca>
    Date: Fri, 16 Jul 2004 11:30:49 -0500
    
    

    I tried doing this on Excel 2003 and all it does is open a new Outlook
    message window. What version of Office are you running?

    --Samuel

    -----Original Message-----
    From: Danny Messano [mailto:danny@logicalcomputing.net]
    Sent: Wednesday, July 14, 2004 7:38 PM
    To: Claude Petit
    Cc: security-basics@securityfocus.com
    Subject: Re[2]: A possible "new ?" DOS exploit with IE

    In this case, "The Bat!"

    It's particularly fun with Office. When I am working on Excel spreadsheets
    with e-mail addresses in them, highlight a cell with an address in it, then
    click again to edit, it opens the hyperlink and gives me the screens and
    screens of IE popups.

    The number of IE popups in my experience is NOT infinite. It is large, but
    definitely finite. I'd guess on the order of maybe 60 or so. On a slow
    machine, it's nearly impossible to get to Task Manager and kill IEXPLORE. I
    usually have to just reset the box. On a fast machine, I just kill IE and
    go on living.

    Danny Messano

    Wednesday, July 14, 2004, 9:16:38 PM, you wrote:

    CP> What was this client ?

    CP> -----Original Message-----
    CP> From: Danny Messano [mailto:danny@logicalcomputing.net]
    CP> Sent: July 14, 2004 17:49
    CP> To: Claude Petit
    CP> Cc: security-basics@securityfocus.com;
    CP> security-basics-return-29248-danny=logicalcomputing.net@securityfocus.com
    CP> Subject: Re: A possible "new ?" DOS exploit with IE

    CP> I noticed it if you install Outlook, then install another client and make it
    CP> the default, and click a mailto, it does the same thing.

    CP> I haven't actually checked the registry to see what keys are missing or
    CP> changed.

    CP> Danny Messano

    CP> Tuesday, July 13, 2004, 7:27:05 PM, you wrote:

    CP>> Hi,

    CP>> I'm new in security. By tuning my Windows 2000 system to remove all
    CP>> undesired and "dangerous" URL protocol handlers (like telnet:), I discovered
    CP>> a strange behavior with IE. To begin, I have Windows 2000 Pro SP4 + actual
    CP>> hotfixes and IE SP1 + actual hotfixes installed. What I did that caused the
    CP>> problem is to remove the value named "URL Protocol" in the registry key
    CP>> "HKEY_CLASSES_ROOT\mailto". I did it to prevent malicious HTML pages from
    CP>> launching many new email message windows with the use of image tags (<IMG>)
    CP>> or something else. After I removed this value, I ran "mailto:" from
    CP>> Start->Run. Nothing was happening, but after some seconds, multiple IE
    CP>> windows were launched in an infinite loop. I don't think it's exploitable
    CP>> unless the destination system has this value removed from the registry, but
    CP>> I'm not sure.

    CP>> Claude Petit


    CP> --

    CP> Best regards,

    CP> Danny Messano
    CP> Owner
    CP> Logical Computing
    CP> http://www.logicalcomputing.net

    -- 
    Best regards,
    Danny Messano
    Owner
    Logical Computing
    http://www.logicalcomputing.net
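An added example, not part of the original messages: a small audit that reads a `reg export` text dump of HKEY_CLASSES_ROOT and reports URL scheme keys whose "URL Protocol" value is missing (the state described in the thread for `mailto`) or that have no `shell\open\command`. The sample export, handler paths and status labels are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text format; not data from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\mailto]
@="URL:MailTo Protocol"
[HKEY_CLASSES_ROOT\mailto\shell\open\command]
@="\"C:\\Program Files\\Mail\\client.exe\" \"%1\""
[HKEY_CLASSES_ROOT\telnet]
@="URL:Telnet Protocol"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\telnet\shell\open\command]
@="rundll32.exe url.dll,TelnetProtocolHandler %l"
[HKEY_CLASSES_ROOT\news]
@="URL:News Protocol"
"URL Protocol"=""
'''
KEY_RE = re.compile(r'^\[HKEY_CLASSES_ROOT\\([^\\\]]+)((?:\\[^\]]+)?)\]$')

def parse_reg(text):
    """Return {scheme: {subkey_path: {value_name: raw_data}}}, names lower-cased."""
    schemes, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            current = schemes.setdefault(m.group(1).lower(), {}).setdefault(m.group(2).lower(), {})
        elif line.startswith("["):
            current = None  # key outside HKEY_CLASSES_ROOT: ignore its values
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"').lower()] = data
    return schemes

def audit(text):
    """Classify every HKCR key that is, or claims to be, a URL protocol handler."""
    findings = {}
    for scheme, subkeys in parse_reg(text).items():
        root = subkeys.get("", {})
        claims_url = root.get("@", "").strip('"').upper().startswith("URL:")
        has_marker = "url protocol" in root
        if not (claims_url or has_marker):
            continue  # ordinary file class, not a protocol handler
        if not has_marker:
            findings[scheme] = "marker-missing"  # the state described in the thread
        elif "@" not in subkeys.get("\\shell\\open\\command", {}):
            findings[scheme] = "no-open-command"
        else:
            findings[scheme] = "ok"
    return findings

if __name__ == "__main__":
    for scheme, state in sorted(audit(SAMPLE_REG).items()):
        print(f"{scheme:10} {state}")
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit()`.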
    
