Full Disclosure mailing list archives

Can CERT VU#786920 be right?

From: Paul Szabo <psz () maths usyd edu au>
Date: Wed, 18 Jul 2007 21:25:18 +1000

I sent the following to CERT (a few hours ago, no reply yet):

In http://www.kb.cert.org/vuls/id/786920 you wrote:

  Disabling the AIM protocol handler will mitigate this vulnerability.
  To unregister the protocol handlers, delete or rename the following
  registry keys:
  HKEY_CLASSES_ROOT\AOL

I believe that renaming that key does NOT unregister the handler.
Windows looks for registry values of "URL Protocol" (almost?) anywhere
within the registry, not just (directly) under HKCR. And anyway, how
would renaming AOL to XYZ affect the AIM handler...


Now I wonder if they can in fact be right... please enlighten me.

Cheers,

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Can CERT VU#786920 be right? Paul Szabo (Jul 18)
- Re: Can CERT VU#786920 be right? Steven Adair (Jul 18)
- <Possible follow-ups>
- Re: Can CERT VU#786920 be right? CERT(R) Coordination Center (Jul 18)