Bugtraq mailing list archives
Re: [Re: Internet Explorer 5.0 HTML Applications]
From: seanmckay () NETSCAPE NET (McKay)
Date: Thu, 19 Aug 1999 16:19:04 CDT
"Posick, Steve" <steve.posick () ESPN COM> wrote:
Solution Disable File Downloads or disassociate .HTA files from MSHTA.exe.
Disabling
scripting does not stop this, we believe it is dew to the fact that the HTA is already on the local system at the time of execution, thus making it trusted.
The reason for this can be found in the MSDN. It specifically states that HTA's, once run from the local hard drive or executed from the Internet are considered completely trusted applications and not under an security restrictions that IE4>= is under. In fact, an HTA could download an arbitrary Java application and run it. HTA's can be very dangerous if users aren't taught to not run an HTA from the web or to let it be downloaded to a local hard drive. McKay ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
Current thread:
- Re: [Re: Internet Explorer 5.0 HTML Applications] McKay (Aug 19)