Message-ID: <64D025EA67574B36BC6F36582D5C0142@W340>
Date: Thu, 19 Feb 2015 17:44:46 +0100
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <bugtraq@...urityfocus.com>
Cc: fulldisclosure@...lists.org
Subject: [FD] Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
Hi @ll,
in order to prevent the start of the defunct USENET news client
(alias "Windows Mail") that Microsoft installs with Windows 7
and later versions of Windows as "Microsoft Outlook NewsReader",
the installation of all editions of Microsoft Office 2010 which
include Microsoft Outlook 2010 as well as the standalone version
of the latter create the following registry entries for the
"Microsoft Outlook NewsReader" with empty pathnames for the
icons and in the command lines:
--- DEFUNCT.REG ---
REGEDIT4
; PLEASE NOTICE THE PROPERLY QUOTED ALBEIT EMPTY PATHNAMES!
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook]
@="Microsoft Outlook"
"DLLPath"="MSIMNUI.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\news]
@="URL:News-Protokoll"
"URL Protocol"=""
"EditFlags"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\news\DefaultIcon]
@=", -3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\news\shell]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\news\shell\open]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\news\shell\open\command]
@="\"\" /outnews /newsurl:%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\nntp]
@="URL:NNTP-Protokoll"
"URL Protocol"=""
"EditFlags"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\nntp\DefaultIcon]
@=", -3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\nntp\shell]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\nntp\shell\open]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\nntp\shell\open\command]
@="\"\" /outnews /newsurl:%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\snews]
@="URL:Snews-Protokoll"
"URL Protocol"=""
"EditFlags"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\snews\DefaultIcon]
@=", -3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\snews\shell]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\snews\shell\open]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\Protocols\snews\shell\open\command]
@="\"\" /outnews /newsurl:%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\shell]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\shell\open]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Microsoft Outlook\shell\open\command]
@="\"\" /outnews"
--- EOF ---
JFTR: the superfluous empty unnamed (default) registry values are
created due to a well-known bug in the tools (not only) Microsoft
uses to build packages for the Microsoft Installer.
But see <https://msdn.microsoft.com/en-us/library/bb165967.aspx> for
why creating an empty default registry value (not only) for the
"open" verb is a bug:
| When registering standard verbs, do not set the default value
| for the Open key. The default value contains the display string
| on the menu. The operating system supplies this string for
| standard verbs.
regards
Stefan Kanthak
PS: Windows 7, and of course Windows 8, Windows 8.1 and Windows 10 too,
have at least one command line with an empty but properly quoted
pathname out-of-the-box, even before the installation of Microsoft
Outlook 2010:
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Windows Mail\InstallInfo]
"ShowIconsCommand"=expand:"\"\""
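As an added, defender-side example (not part of the post, and not Microsoft's or the author's code), the following Python script parses a REGEDIT4-style export such as the DEFUNCT.REG above or the output of "reg export", and flags the three shapes of entry the post describes: a command line whose (quoted) executable pathname is empty, a DefaultIcon whose pathname is empty, and a shell\open verb key that has a default value set at all. The "Example News" and "Example Mail" client names in the embedded sample are constructed; the "expand:" value syntax is the post's shorthand, which the parser tolerates alongside the hex(2) form a real export uses.

```python
import re

# Constructed sample in REGEDIT4 syntax. "Example News" / "Example Mail" are
# hypothetical clients, not real registry content. "expand:" is the post's
# shorthand for REG_EXPAND_SZ; a real export writes hex(2):... instead.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Example News\DefaultIcon]
@=", -3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Example News\shell\open]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Example News\shell\open\command]
@="\"\" /outnews /newsurl:%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Example Mail\InstallInfo]
"ShowIconsCommand"=expand:"\"\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Example Mail\shell\open\command]
@="\"C:\\Program Files\\Example\\mail.exe\" /mail"
'''

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    # .reg string escaping: backslash-backslash -> backslash, backslash-quote -> quote
    return re.sub(r'\\(.)', r'\1', s)


def _parse_data(raw):
    """Decode one value payload into (type, data)."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return 'REG_SZ', _unescape(raw[1:-1])
    if raw.startswith('expand:"') and raw.endswith('"'):      # post's shorthand
        return 'REG_EXPAND_SZ', _unescape(raw[len('expand:"'):-1])
    if raw.startswith('hex(2):'):                             # single-line REG_EXPAND_SZ
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return 'REG_EXPAND_SZ', data.decode('utf-16-le').rstrip('\x00')
    if raw.startswith('dword:'):
        return 'REG_DWORD', int(raw[6:], 16)
    return 'UNKNOWN', raw


def parse_reg(text):
    """Return {key: {value_name: (type, data)}}; '@' names the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';') or line == 'REGEDIT4' \
                or line.startswith('Windows Registry Editor'):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = '@' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
            keys[current][name] = _parse_data(m.group(2))
    return keys


def executable_of(command_line):
    """First token of a Windows command line; a leading quote delimits the pathname."""
    s = command_line.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(' ', 1)[0]


def audit(keys):
    """Return (finding, key, value_name) tuples for the entry shapes the post describes."""
    findings = []
    for key, values in keys.items():
        for name, (vtype, data) in values.items():
            if vtype not in ('REG_SZ', 'REG_EXPAND_SZ'):
                continue
            is_command = key.lower().endswith('\\command') or name.lower().endswith('command')
            if is_command and executable_of(data) == '':
                findings.append(('empty-executable', key, name))
        if key.lower().endswith('\\defaulticon') and '@' in values:
            icon = values['@'][1].split(',', 1)[0].strip().strip('"')
            if icon == '':
                findings.append(('empty-icon-path', key, '@'))
        # MSDN: the default value of a standard verb key such as shell\open must not be set
        if re.search(r'\\shell\\open$', key, re.IGNORECASE) and '@' in values:
            findings.append(('default-value-on-open-verb', key, '@'))
    return findings


if __name__ == '__main__':
    for finding in audit(parse_reg(SAMPLE_REG)):
        print(*finding, sep='\t')
```

To run it on a live machine, export the client registrations first ("reg export HKLM\SOFTWARE\Clients clients.reg"), open the file with encoding utf-16 (Windows writes it that way), and pass the text to parse_reg. The parser deliberately stays small: hex values split across continuation lines are not joined, so a long REG_EXPAND_SZ from a real export may come back as UNKNOWN and be skipped rather than mis-decoded.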
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/