Bugtraq mailing list archives

Explorer & ActiveX

From: adam () WEATHERSHIP HOMEPORT ORG (Adam Shostack)
Date: Fri, 14 Aug 1998 17:32:43 -0400


        In light of the Eudora vulnerability, it probably occured to
people to take control of the 'My Computer' zone in IE4.  The
following is based on a bit of toying with regmon and IE4 on NT.
NTregmon, for those of you who don't know it, is a utility from the
sysinternals.com folks to watch registry activity.  Most useful.

        I've confirmed that enough of these work on my system to have
confidence in it.  YMMV.

        For IE4, the zones and security settings for
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\ are as follows:

   Zone    0   My computer
           1   Intranet
           2   Trusted Sites
           3   Internet
           4   restricted Sites

   Values
       For Enabled/Disabled/Prompt
           0x0 Enabled
           0x1 Prompt
           0x3 Disabled
           # 0x2 is unknown

  Keys under \...\Internet Settings\Zones\(Zone)
       ActiveX controls and Plugins Section
           1004    "Download unsigned ActiveX controls"
           1405    "Script ActiveX controls marked safe for scripting"
           1201    "Initialize and script activeX controls not
                       marketed as safe"
           1001    "Download signed ActiveX controls"
           1200    "Run ActiveX controls and plugins"
       User Authentication Section
           1A00    Logon
                   0x10000 Prompt
                   0x0     Automatic
                   0x20000 Automatic in intranet
                   0x30000 Anonymous login
       Downloads
           1604    Font Download
           1803    File Download
       Java
           1C00    Java Permissions
                0x30000       Low
                0x20000       medium
                0x10000       high
                0x80000       Custom
                0x0           disable
                # Custom is not sub-enumerated here.

       Miscellaneous
           1E05    Software Channel Permissions
                   Low, medium, high per Java Permissions
           1804    Launching applications and files in an IFRAME
           1800    Installation of Desktop Items
           1601    Submit non-encrypted form data
           1802    drag and drop or copy and paste files
                   All use Prompt, enable, disable standard
       Scripting
           1402    Scripting of Java applets
           1400    Active Scripting
                   Both use Prompt, enable, disable standard

Current thread:

Possible DoS attack to NT boxes running OpenNT 2.1 Nemo (Aug 03)
- <Possible follow-ups>
- Re: Possible DoS attack to NT boxes running OpenNT 2.1 Jason Zions (Aug 04)
  - Re: Possible DoS attack to NT boxes running OpenNT 2.1 n3m0 (Aug 15)
    - Explorer & ActiveX Adam Shostack (Aug 14)
    - Re: Possible DoS attack to NT boxes running OpenNT 2.1 David LeBlanc (Aug 15)
- Re: Possible DoS attack to NT boxes running OpenNT 2.1 Robert Fesig (Aug 16)