Metasploit mailing list archives

IE7 Default Settings


From: natron at invisibledenizen.org (natron)
Date: Wed, 17 Dec 2008 13:24:43 -0600

And btw, I compared the wrong ones when I put that list in below.
What I meant to say was:

Potential for exploitation:
# 1208 ActiveX controls and plug-ins: Allow previously unused ActiveX
controls to run without prompt ^
# 1209 ActiveX controls and plug-ins: Allow Scriptlets
# 1607 Miscellaneous: Navigate sub-frames across different domains
# 1805 Launching programs and files in webview #
# 1806 Miscellaneous: Launching applications and unsafe files

Potential for phishing/SE:
# 206 Miscellaneous: Allow scripting of Internet Explorer Web browser control ^
# 2103 Scripting: Allow status bar updates via script ^
# 2104 Miscellaneous: Allow websites to open windows without address
or status bars ^
# 2105 Scripting: Allow websites to prompt for information using
scripted windows ^
# 2200 Downloads: Automatic prompting for file downloads ** ^

Unknown:
# 1207 Reserved #
# 1408 Reserved #
# 1807 Reserved ** #
# 180A Reserved #
# 180D Reserved #

On Wed, Dec 17, 2008 at 12:55 PM, natron <natron at invisibledenizen.org> wrote:
I put together a spreadsheet of all IE7 default settings.  For your reference:

http://blog.invisibledenizen.org/2008/12/default-ie7-settings-for-xp-sp3-and.html
http://spreadsheets.google.com/ccc?key=pPb4M5mLTAttAB-flW0VIaw

Specifically, these are the 'interesting' values that go from 'Prompt'
to 'Enabled' for the Intranet zone:

   * ActiveX controls and plug-ins: Allow Scriptlets
   * Miscellaneous: Allow scripting of Internet Explorer Web browser control ^
   * Scripting: Allow Programmatic clipboard access
   * Miscellaneous: Navigate sub-frames across different domains
   * Launching programs and files in webview #
   * Miscellaneous: Launching applications and unsafe files

FYI, even on the intranet zone, you can't auto-download signed or
unsigned scripts by default.  Just like the Internet zone, you can
only access 'safe' ActiveX controls that have already been downloaded
by default.  (E.g. I don't believe Rex::Text.to_activex would be as
useful as it otherwise would be
[http://trac.metasploit.com/ticket/267])
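
For anyone auditing a workstation against the "Potential for exploitation" list above, here is an added example (not part of the original post) that parses `reg query` output for the Local intranet zone and reports how each of those five URL actions is set. The registry key path, the 0/1/3 policy values and the sample output are not from the post; the sample output is constructed.

```python
import re

# Action IDs and names copied from the "Potential for exploitation" list in the post.
WATCHED = {
    "1208": "Allow previously unused ActiveX controls to run without prompt",
    "1209": "Allow Scriptlets",
    "1607": "Navigate sub-frames across different domains",
    "1805": "Launching programs and files in webview",
    "1806": "Launching applications and unsafe files",
}
# URL policy DWORD values used by IE zone settings (not stated in the post).
POLICY = {0: "Enabled", 1: "Prompt", 3: "Disabled"}

# Constructed sample of `reg query` output for the Intranet zone key (zone 1).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    DisplayName    REG_SZ    Local intranet
    1208    REG_DWORD    0x3
    1209    REG_DWORD    0x0
    1607    REG_DWORD    0x0
    1806    REG_DWORD    0x1
"""

# A value line is: indent, hex action ID, REG_DWORD, 0x-prefixed data.
LINE = re.compile(r"^\s+([0-9A-Fa-f]{3,4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")

def parse_zone(text):
    """Return {action_id: int_value} for every REG_DWORD URL action in the dump."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1).upper()] = int(m.group(2), 16)
    return settings

def audit(text):
    """Return (action_id, name, state) for each watched action, sorted by ID."""
    settings = parse_zone(text)
    rows = []
    for action, name in sorted(WATCHED.items()):
        value = settings.get(action)
        state = "Not set in this key" if value is None else POLICY.get(value, "Unknown")
        rows.append((action, name, state))
    return rows

def enabled_without_prompt(text):
    """IDs of watched actions that run with no user prompt in this zone."""
    return [action for action, _, state in audit(text) if state == "Enabled"]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-5s %-65s %s" % row)
```

A value reported as "Not set in this key" means the queried hive has no per-user override, so the effective setting comes from elsewhere (machine-wide settings or policy) and needs a separate query.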



