Vulnerability Development mailing list archives
RE: Disabling the MSIE hole.
From: Rob.Kedward () appsense com
Date: Wed, 13 Mar 2002 10:37:17 -0000
Tested on Windows XP with all latest critical updates and patches, Internet Explorer : 6.0.2600.0000.xpclient.010817-1148 3283; Q313675; Q316059 The included HTML code still causes "logoff.exe" to be executed when viewing the page in IE. Cheers, RobK -----Original Message----- From: Suresh P [mailto:surya () nsecure net] Sent: 13 March 2002 05:53 To: Magnus Bodin; vuln-dev () securityfocus com; bugtraq () securityfocus com; focus-ms () securityfocus com Cc: ms-secnews () securityfocus com; SECURITY-BASICS () securityfocus com Subject: Disabling the MSIE hole. Hi All, You can disable the Latest MSIE hole on all windows machines by enabling the security settings for the LocalZone. unfortunately, there is no UI for doing this. All you have to do is, launch regedit, traverse to the following key and change the value to 3. HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 and change the value of "1004" from "0" to "3". This is applicable for Windows 95/98/NT/2000 regards, Suresh Ponnusami, Internet Security Consultant, nSecure Software (P) Ltd, http://www.nsecure.net/ Ph: 91 80 535 1545 Fax: 91 80 535 1551 ---------------------------------------------------------------------------- - This message is intended for the addressee only. It may contain privileged or confidential information. If you have received this message in error, please notify the sender and destroy the message immediately. Unauthorised use or reproduction of this message is strictly prohibited. ********************************************************************* Don't let users hog your systems, use AppSense Performance Manager. CONFIDENTIAL The contents of this email and any attachments may be confidential. It is intended for the named recipient(s) only. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to any other person or make any copies. *********************************************************************
Current thread:
- RE: Disabling the MSIE hole. Rob . Kedward (Mar 13)