Re: Re[2]: A possible "new ?" DOS exploit with IE
From: donge912 (donge912_at_planet.nl)
Date: 07/18/04
- Previous message: Juan B: "Restricting users fron installing"
- In reply to: Danny Messano: "Re[2]: A possible "new ?" DOS exploit with IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 18 Jul 2004 08:49:08 +0200 To: Danny Messano <danny@logicalcomputing.net>, Claude Petit <petc@videotron.ca>
Strange higlighting a cell with e-mail-address in it and clicking to edit it
in excell 2000 just brings me one instance of outook express new msg, no IE
at all....How was your set-up?
Willem van Dongen
----- Original Message -----
From: "Danny Messano" <danny@logicalcomputing.net>
To: "Claude Petit" <petc@videotron.ca>
Cc: <security-basics@securityfocus.com>
Sent: Thursday, July 15, 2004 2:38 AM
Subject: Re[2]: A possible "new ?" DOS exploit with IE
> In this case, "The Bat!"
>
> It's particularly fun with Office. When I am working on Excel
spreadsheets with e-mail addresses in them, highlight a cell with an address
in it, then click again to edit, it opens the hyperlink and gives me the
screens and screens of IE popups.
>
> The number of IE popups in my experience is NOT infinite. It is large,
but definitely finite. I'd guess on the order of maybe 60 or so. On a
slow machine, its nearly impossible to get to task manager and kill
IEXPLORE. I usually have to just reset the box. On a fast machine, I just
kill IE and go on living.
>
> Danny Messano
>
> Wednesday, July 14, 2004, 9:16:38 PM, you wrote:
>
> CP> What was this client ?
>
> CP> -----Message d'origine-----
> CP> De : Danny Messano [mailto:danny@logicalcomputing.net]
> CP> Envoye : July 14, 2004 17:49
> CP> A : Claude Petit
> CP> Cc : security-basics@securityfocus.com;
> CP>
security-basics-return-29248-danny=logicalcomputing.net@securityfocus.co
> CP> m
> CP> Objet : Re: A possible "new ?" DOS exploit with IE
>
>
> CP> I noticed it if you install outlook, then install another client and
make it
> CP> the default, and click a mailto, it does the same thing.
>
> CP> I havent actually checked the registry to see what keys are missing or
> CP> changed.
>
> CP> Danny Messano
>
> CP> Tuesday, July 13, 2004, 7:27:05 PM, you wrote:
>
> CP>> Hi,
>
> CP>> I'm new in security. By tuning my windows 2000 system to remove all
> CP>> undesired and "dangerous" url protocol handlers (like telnet:), I
> CP> discovered
> CP>> a strange behavior with IE. To begin, I have Windows 2000 Pro SP4 +
> CP> actual
> CP>> hotfixes and IE SP1 + actual hotfixes installed. What I did that
caused
> CP> the
> CP>> problem is to remove the value named "URL Protocol" in the registry
key
> CP>> "HKEY_CLASSES_ROOT\mailto". I did it to prevent malicious html pages
to
> CP>> launches many new email message windows with the use of image tags
> CP> (<IMG>)
> CP>> or something else. After I removed this value, I ran "mailto:" from
> Start->>>Run. Nothing was happening, but after some seconds, multiple IE
> CP>> windows were launched in an infinite loop. I don't think it's
> CP> exploitable
> CP>> unless the destination system have this value removed from the
registry,
> CP> but
> CP>> I'm not sure.
>
>
>
> CP>> Claude Petit
>
>
>
CP>> -----------------------------------------------------------------------
-
> CP> ---
> CP>> Ethical Hacking at the InfoSec Institute. Mention this ad and get
$545
> CP> off
> CP>> any course! All of our class sizes are guaranteed to be 10 students
or
> CP> less
> CP>> to facilitate one-on-one interaction with one of our expert
instructors.
> CP>> Attend a course taught by an expert instructor with years of
> CP> in-the-field
> CP>> pen testing experience in our state of the art hacking lab. Master
the
> CP> skills
> CP>> of an Ethical Hacker to better assess the security of your
organization.
> CP>> Visit us at:
> CP>> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>
CP>> -----------------------------------------------------------------------
-
> CP> ----
>
>
>
>
> CP> --
>
> CP> Best regards,
>
> CP> Danny Messano
> CP> Owner
> CP> Logical Computing
> CP> http://www.logicalcomputing.net
>
>
>
>
>
>
> --
>
> Best regards,
>
> Danny Messano
> Owner
> Logical Computing
> http://www.logicalcomputing.net
>
>
>
>
> --------------------------------------------------------------------------
-
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
-- > --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
- Previous message: Juan B: "Restricting users fron installing"
- In reply to: Danny Messano: "Re[2]: A possible "new ?" DOS exploit with IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
