Vulnerability Development mailing list archives

RE: Disabling the MSIE hole.


From: Rob.Kedward () appsense com
Date: Wed, 13 Mar 2002 10:37:17 -0000

Tested on Windows XP with all latest critical updates and patches,

Internet Explorer : 6.0.2600.0000.xpclient.010817-1148
                    3283; Q313675; Q316059

The included HTML code still causes "logoff.exe" to be executed when 
viewing the page in IE. 

Cheers,
RobK

-----Original Message-----
From: Suresh P [mailto:surya () nsecure net] 
Sent: 13 March 2002 05:53
To: Magnus Bodin; vuln-dev () securityfocus com; bugtraq () securityfocus com;
focus-ms () securityfocus com
Cc: ms-secnews () securityfocus com; SECURITY-BASICS () securityfocus com
Subject: Disabling the MSIE hole.


Hi All,
    You can disable the latest MSIE hole on all Windows machines by enabling
the security settings for the LocalZone. Unfortunately, there is no UI for
doing this. All you have to do is launch regedit, traverse to the following
key and change the value to 3:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
and change the value of "1004" from "0" to "3". This is applicable for Windows
95/98/NT/2000.

regards,
Suresh Ponnusami,
Internet Security Consultant,
nSecure Software (P) Ltd,
http://www.nsecure.net/
Ph: 91 80 535 1545
Fax: 91 80 535 1551
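
The registry change described in the message above, as an added PowerShell example that is not part of the original thread: it reports the current data of "1004" under Zones\0 and changes it only when -Fix is given. The function name and its parameters are hypothetical, and it assumes a Windows system with PowerShell 3.0 or later.

```powershell
# Added example. Key path, value name "1004" and data 3 are from the message
# above; the function name and its parameters are hypothetical.
function Confirm-LocalZone1004 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$Desired = 3,      # data the message says to set
        [switch]$Fix            # without -Fix the function only reports
    )

    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
    $name = '1004'

    if (-not (Test-Path -LiteralPath $key)) {
        Write-Warning "Key not found: $key"
        return
    }

    # Read the current data; the value may be absent in this profile.
    $prop    = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
    $current = if ($null -ne $prop) { $prop.$name } else { $null }

    $changed = $false
    if ($current -ne $Desired -and $Fix -and
        $PSCmdlet.ShouldProcess("$key\$name", "set to $Desired (was '$current')")) {
        # Assumption: the value is stored as a DWORD, as zone action values normally are.
        Set-ItemProperty -LiteralPath $key -Name $name -Value $Desired -Type DWord
        $changed = $true
        $current = (Get-ItemProperty -LiteralPath $key -Name $name).$name
    }

    # Emit one object per run so results can be collected across profiles or hosts.
    [pscustomobject]@{
        User      = $env:USERNAME
        Key       = $key
        Value     = $name
        Current   = $current
        Desired   = $Desired
        Compliant = ($current -eq $Desired)
        Changed   = $changed
    }
}

Confirm-LocalZone1004                  # report only
# Confirm-LocalZone1004 -Fix -WhatIf   # preview the change
# Confirm-LocalZone1004 -Fix           # apply it
```

Because the key is under HKEY_CURRENT_USER, the result covers only the account that runs the function.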