[11595] in bugtraq
Re: IE 5.0 allows executing programs
daemon@ATHENA.MIT.EDU (Jesper M. Johansson)
Mon Aug 30 06:30:27 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <000f01bef163$ecb5b420$58207aa8@bu.edu>
Date: Sat, 28 Aug 1999 10:44:32 -0400
Reply-To: jjohanss@bu.edu
From: "Jesper M. Johansson" <jjohanss@BU.EDU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3.0.3.32.19990823100807.04d43940@mail.mindspring.com>
>Actually, the setting that goes right to the heart of this one is "Script
>ActiveX Controls Marked Safe For Scripting". Default for "Internet Zone"
>is Enable. It is probably safest to set it to either disable or prompt.
>On some sites, you'll find that you may want this to function, and I'd
>consider adding them to the "trusted sites" zone.
I don't know that you want it as a trusted site, but I realized yesterday
that Windows Update needs to be able to "Script ActiveX Controls Marked Safe
For Scripting." Thus, if you want to be able to use Windows Update, you must
set this to either enable or prompt.
Jesper
