Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and- Outlook Express NNTP Protocol Heap Overflow

From: Nick FitzGerald <nick@virus-l.demon.co.uk>
To: vulnwatch@vulnwatch.org,full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com
Cc:
Subject: Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and- Outlook Express NNTP Protocol Heap Overflow
Date:


iDefense Labs wrote:

<<...>>
> V. WORKAROUND
> 
> Deleting the all sub-keys of the following registry keys will remove the
> 'news' and 'snews' protocol handlers:
> 
>   HKEY_CLASSES_ROOT\news\shell
>   HKEY_CLASSES_ROOT\snews\shell

If you want to do a thorough job of such mitigation as a Q&D fix, you 
may also need to nuke the 

   HKEY_CLASSES_ROOT\nntp\shell

entry.

I can't easily test the viability of exploiting this via an nntp:// URI 
just now, but "nntp" is normally registered (at least with OE -- can 
someone check for Windows Mail?) with exactly the same sub-keys and 
values as the "news" and "snews" URI handlers...


Regards,

Nick FitzGerald





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.