Vulnerability Development mailing list archives
RE: Simple question about ActiveX and IE
From: "Menashe Eliezer" <menashe () finjan com>
Date: Wed, 20 Mar 2002 04:01:48 +0200
You are right. There's NO browser sandbox for ActiveX controls.

We know the Porn Dialers problem. Our proactive applications blocked them based on our own sandbox implementation.

Only unsigned ActiveX controls can be limited. End users can only approve ActiveX controls signed by a specific signer, if the browser's security setting isn't low. Letting end users make security decisions isn't a good idea.

You can ask your boss to try the following demo:
www.finjan.com/mcrc/activex.cfm

I hope it helps.

Regards,
Menashe Eliezer
Manager, Malicious Code Research Center
Web: http://www.finjan.com/mcrc

-----Original Message-----
From: Jonathan Mole [mailto:jonathan () ukexplorer com]
Sent: Tuesday, March 19, 2002 2:52 PM
To: vuln-dev () securityfocus com
Subject: Simple question about ActiveX and IE

This is probably a very simple question, with a very simple answer.

I am running Windows 2000 with all the latest service patches. We have written an interface for Internet terminals (based on the IE6 libraries), we need to allow ActiveX and ActiveX downloading, as the users could be going to any page on the web.

My boss is sure that there is a way to allow ActiveX, but to allow it absolutely no access to other files on the system? Could somebody tell me if this is true or not, and if so, what group policies/registry settings do I need to change.

I have always believed that there was no sandbox for ActiveX controls. Remember seeing one that checks for various files on your system.

The main problem we have is due to Porn Dialers. Once the ActiveX control has run, they add a new connection to dialup networking.

Thanks in advance,
Jonathan Molando
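
The registry side of the question above, as an added example that is not part of either poster's message: a PowerShell report of the Internet-zone ActiveX URL actions for the current user. The function name and the sample values are constructed for illustration, and the zone path and action numbers are the standard IE ones rather than anything quoted in the thread. These settings control download and launch only; a control that is allowed to run is not sandboxed.

```powershell
# Added example: report the Internet-zone ActiveX URL actions for the current user.
# Zone 3 is the Internet zone; action values are DWORDs: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script controls not marked safe'
}
$ValueNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'; 65536 = 'Administrator approved' }

# Hypothetical helper: turns a table of action id -> DWORD into readable findings.
function Get-ActiveXZoneReport {
    param([hashtable]$Settings)
    foreach ($id in $Actions.Keys) {
        $raw = $Settings[$id]
        if ($null -eq $raw) { $state = 'Not set' }
        elseif ($ValueNames.ContainsKey([int]$raw)) { $state = $ValueNames[[int]$raw] }
        else { $state = "Unknown ($raw)" }

        $note = switch ($id) {
            '1004' { if ($state -in 'Enable', 'Prompt') { 'Unsigned controls can be installed' } }
            '1001' { if ($state -eq 'Enable') { 'Signed controls install with no prompt' }
                     elseif ($state -eq 'Prompt') { 'The end user makes the trust decision' } }
            '1201' { if ($state -in 'Enable', 'Prompt') { 'Unsafe-for-scripting controls can be scripted' } }
            '1200' { if ($state -eq 'Enable') { 'Installed controls run with the user''s rights' } }
        }
        [pscustomobject]@{ Action = $id; Name = $Actions[$id]; State = $state; Note = $note }
    }
}

# Constructed sample values, so the function can be exercised without touching the registry.
$sample = @{ '1001' = 1; '1004' = 3; '1200' = 0; '1201' = 3 }
Get-ActiveXZoneReport -Settings $sample | Format-Table -AutoSize

# Live values for the current user, when the zone key exists.
if (Test-Path $ZonePath) {
    $live = @{}
    (Get-ItemProperty -Path $ZonePath).PSObject.Properties |
        Where-Object { $Actions.Contains($_.Name) } |
        ForEach-Object { $live[$_.Name] = $_.Value }
    Get-ActiveXZoneReport -Settings $live | Format-Table -AutoSize
}
```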