mailing list archives
Re: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability
From: High Pressure <pressure () gmail com>
Date: Thu, 12 Aug 2004 17:00:29 -0400
If you're running NT/2000/XP, you can delete everything under the key
and make it read-only -- or just deny everyone access to the key.
On Wed, 11 Aug 2004 14:02:50 -0700, Thor Larholm <tlarholm () pivx com> wrote:
Deleting the "HKEY_CLASSES_ROOT\aim" registry key is not a permanent
mitigation but a per-session change that has to be implemented every
time AOL Instant Messenger is instantiated. The reason for this is that
if the HKCR\aim key is missing when AIM is launched AIM will simply
recreate the key and thus the URL protocol.
Please don't send anything confidential to this address. More info: