> - If remote attacks are possible, how can the money: > protocol be turned off in Web pages and Email > messages, but still have Microsoft Money work > properly? > In HKEY_CLASSES_ROOT any immediate subkey (eg HKCR\callto) that has a "URL Protocol" value can be launched from IE. Removing this value disables this feature. To demonstrate: Create an HTML file and add an anchor <A HREF="news://abc">here</A> - save it then open it in IE. Click on "here" and Outlook should open. Close it. Open regedit and navigate to HKCR\news Delete the URL Protocol value in the left hand pane. Click on "here" and an error message should appear. Go back to Regedit and replace the URL Protocol value then go back to IE and click on "here". Outlook express should open as normal again. So as far as disabling the functionality of being able to launch MS Money from IE is concerned remove the URL protocol value from its registry entry. On a side note on some NT systems the "shell" registry key has a URL protocol value and the open command uses explorer. I haven't had the time to research this specific issue but being able to play with explorer.exe remotely (froma web page or e-mail) may have some bad implications (but then again, maybe not). Anyone who cares to look into this issue it would be interesting to hear if you find anything. Cheers, David Litchfield http://www.cerberus-infosec.co.uk
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:30 PDT