Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

IE7 Default Settings

From: natron at invisibledenizen.org (natron)
Date: Wed, 17 Dec 2008 12:55:21 -0600
I put together a spreadsheet of all IE7 default settings.  For your reference:

http://blog.invisibledenizen.org/2008/12/default-ie7-settings-for-xp-sp3-and.html
http://spreadsheets.google.com/ccc?key=pPb4M5mLTAttAB-flW0VIaw

Specifically, these are the 'interesting' values that go from 'Prompt'
to 'Enabled' for the Intranet zone:

    * ActiveX controls and plug-ins: Allow Scriptlets
    * Miscellaneous: Allow scripting of Internet Explorer Web browser control ^
    * Scripting: Allow Programmatic clipboard access
    * Miscellaneous: Navigate sub-frames across different domains
    * Launching programs and files in webview #
    * Miscellaneous: Launching applications and unsafe files

FYI, even on the intranet zone, you can't auto-download signed or
unsigned scripts by default.  Just like the Internet zone, you can
only access 'safe' ActiveX controls that have already been downloaded
by default.  (E.g. I don't believe Rex::Text.to_activex would be as
useful as it otherwise would be
[http://trac.metasploit.com/ticket/267])
Previous By Date Next
Previous By Thread Next

Current thread: