Re: Minor IE vulnerability: about: URLs

From: Julian Hall (julesat_private)
Date: Tue Oct 23 2001 - 10:45:15 PDT


    Nick FitzGerald wrote:
    
    > Users just *may* be able to control handling of "about:" URLs (at
    > least insofar as breaking them completely counts as "controlling
    > them"  8-) ).  There is a registry key:
    >
    >    HKCR\PROTOCOLS\Handler\about
    >
    > which in the fairly default install of IE 5.5 on this machine holds
    > two values -- an empty default value and a CLSID string value set to
    > {3050F406-98B5-11CF-BB82-00AA00BDCE0B}.  In HKCR\CLSID that CLSID is
    > described as "Microsoft HTML About Pluggable Protocol" and (not
    > surprisingly) an InProcServer of "%SystemRoot%\System32\mshtml.dll".
    >
    > I imagine you could munge either the InProcServer value of the CLSID
    > to break all references to the about: protocol called through a CLSID
    > reference or just munge the CLSID value in the Protocol\about key to
    > break calls to the about: protocol via the approved mechanisms for
    > protocol handling.
    
    Another approach would be to write your own version of the about: protocol
    module, and point the server to your implementation DLL.
    Non-vendor-approved patch, anyone? :-)
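
A defender's view of the lookup chain described in this thread, as an added example that is not part of either poster's message: a PowerShell check that resolves the about: handler to its CLSID and server DLL and reports any deviation from the values quoted above. It assumes the server path lives under the standard InprocServer32 subkey and that the IE 5.5 values are the baseline; Get-RegValue and Test-AboutHandler are names made up for this example.

```powershell
# Added example, not from the original thread. Baseline values are the ones
# quoted in the message (IE 5.5); adjust them for the build being audited.
$ExpectedClsid = '{3050F406-98B5-11CF-BB82-00AA00BDCE0B}'
$ExpectedDll   = Join-Path $env:SystemRoot 'System32\mshtml.dll'

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Test-AboutHandler {
    $findings = @()

    # 1. Protocol handler key -> CLSID
    $clsid = Get-RegValue 'HKEY_CLASSES_ROOT\PROTOCOLS\Handler\about' 'CLSID'
    if (-not $clsid) { return @('about: handler CLSID value is missing') }
    if ($clsid -ne $ExpectedClsid) {
        $findings += "handler CLSID is $clsid, baseline is $ExpectedClsid"
    }

    # 2. CLSID -> in-process server DLL (the value may contain %SystemRoot%)
    $raw = Get-RegValue "HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" '(default)'
    if (-not $raw) {
        $findings += "no InprocServer32 registered for $clsid"
    } else {
        $dll = [Environment]::ExpandEnvironmentVariables($raw)
        if ($dll -ne $ExpectedDll) { $findings += "server DLL is $dll, baseline is $ExpectedDll" }
        if (-not (Test-Path -LiteralPath $dll)) { $findings += "server DLL not found: $dll" }
    }

    # 3. HKCR is a merged view; a per-user entry overrides the machine-wide one.
    foreach ($sub in 'PROTOCOLS\Handler\about', "CLSID\$clsid") {
        $userKey = "Registry::HKEY_CURRENT_USER\Software\Classes\$sub"
        if (Test-Path -LiteralPath $userKey) { $findings += "per-user override present: $userKey" }
    }
    $findings
}

$result = @(Test-AboutHandler)
if ($result.Count -eq 0) { 'about: handler matches baseline' } else { $result }
```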
    



    This archive was generated by hypermail 2b30 : Tue Oct 23 2001 - 14:29:54 PDT