[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Can CERT VU#786920 be right?
- To: full-disclosure@xxxxxxxxxxxxxxxxx, pszmaths.usyd.edu.au@xxxxxxxx
- Subject: Re: [Full-disclosure] Can CERT VU#786920 be right?
- From: "CERT(R) Coordination Center" <cert@xxxxxxxx>
- Date: Wed, 18 Jul 2007 10:43:39 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Paul,
CERT Coordination Center <cert@xxxxxxxx> writes:
>I sent the following to CERT (a few hours ago, no reply yet):
>
>> In http://www.kb.cert.org/vuls/id/786920 you wrote:
>>
>> Disabling the AIM protocol handler will mitigate this vulnerability.
>>
>> To unregister the protocol handlers, delete or rename the following
>> registry keys:
>> HKEY_CLASSES_ROOT\AOL
>>
>> I believe that renaming that key does NOT unregister the handler.
>> Windows looks for registry values of "URL Protocol" (almost?) anywhere
>> within the registry, not just (directly) under HKCR. And anyway, how
>> would renaming AOL to XYZ affect the AIM handler...
>
> Now I wonder if they can in fact be right... please enlighten me.
Thanks for the good feedback, we did some more testing and updated VU#786920:
<http://www.kb.cert.org/vuls/id/786920>
Thanks,
Ryan Giobbi
Vulnerability Analyst
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRp4pbdQ7jfmvPJrEAQIHYgf/QfaKNH89qGCsyFclNBE7cKScTtI2Y4hT
+h/7waUBvGJyufgLFMmBZFqxKDx2vuGyuxGKlRwCYmlvQ1O1LeFq+zRRz5LIW17n
p1p2ExPp/48/GY29RQzER9nBF5BjY5eyN2hhcjvwX7jXiiP6sQ7Z3Nd7dTkSqYCs
hbggwDpKyF9Fvww/XbpSjPLf/4SRgndtuu5Ge/4++iAmLR6NhXlRUxziICkaj8EW
7CaTTZr2T57NCsrCi3UOiLiZHH2EGNq+AAioWpYgDZP+cBG5r6O8V1pDH9dLFFyv
q4D2ko280B/T8Y4KT0sj49Mctbn2P6/x+nY7Hek8lAeldZ7OsvhWXQ==
=jcbC
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/