Did they fix this already because all I see when I go to your URL is: II. Solution We are currently unaware of a practical solution to this problem.
Unregister the AIM protocols Disabling the AIM protocol handler may mitigate this vulnerability. To unregister the protocol handlers, delete or rename the following registry keys: HKEY_CLASSES_ROOT\AIM Block access to aim: URIs Administrators may partially mitigate this vulnerability by blocking access to the aim: URI using proxy server access control lists or the appropriate content filtering rule. Nothing about the "aol:". Steven > I sent the following to CERT (a few hours ago, no reply yet): > >> In http://www.kb.cert.org/vuls/id/786920 you wrote: >> >> Disabling the AIM protocol handler will mitigate this vulnerability. >> To unregister the protocol handlers, delete or rename the following >> registry keys: >> HKEY_CLASSES_ROOT\AOL >> >> I believe that renaming that key does NOT unregister the handler. >> Windows looks for registry values of "URL Protocol" (almost?) anywhere >> within the registry, not just (directly) under HKCR. And anyway, how >> would renaming AOL to XYZ affect the AIM handler... > > Now I wonder if they can in fact be right... please enlighten me. > > Cheers, > > Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ > School of Mathematics and Statistics University of Sydney Australia > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
