Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Disabling the MSIE hole.

From: "leon" <leon () inyc com>
Date: Wed, 13 Mar 2002 11:46:27 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I thought just turning of active scripting fixes the hole?

Leon

(Maybe the solution is worse then the problem?)

- -----Original Message-----
From: Suresh P [mailto:surya () nsecure net] 
Sent: Wednesday, March 13, 2002 12:53 AM
To: Magnus Bodin; vuln-dev () securityfocus com;
bugtraq () securityfocus com; focus-ms () securityfocus com
Cc: ms-secnews () securityfocus com; SECURITY-BASICS () securityfocus com
Subject: Disabling the MSIE hole.

Hi All,
    You can disable the Latest MSIE hole on all windows machines
by enabling the security settings for the LocalZone.
unfortunately, there is no UI for doing this. All you have to
do is, launch regedit, traverse to the following key and
change the value to 3.
HKEY_CURRENT_USER
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
and change the value of "1004" from "0" to "3".
This is applicable for Windows 95/98/NT/2000

regards,
Suresh Ponnusami,
Internet Security Consultant,
nSecure Software (P) Ltd,
http://www.nsecure.net/
Ph: 91 80 535 1545
Fax: 91 80 535 1551
- ----------------------------------------------------------------------
- ------
- -
This message is intended for the addressee only. It may
contain privileged or confidential information. If you have
received this message in error, please notify the sender
and destroy the message immediately. Unauthorised
use or reproduction of this message is strictly prohibited.


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPI+CY9qAgf0xoaEuEQLrqACg15vhInjFUGUkDrvuYbJWif3ccQMAoJEW
YMOVvncbBo3xNAPjRazCGhTt
=0+Sp
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: