Re: Minor IE vulnerability: about: URLs

From: Clover Andrew (acloverat_private)
Date: Wed Oct 24 2001 - 06:15:55 PDT

Next message: bugzillaat_private: "[RHSA-2001:124-04] Updated mod_auth_pgsql packages available"

Previous message: zen-parse: "Advisory: Corrupt RPM Query Vulnerability"
Maybe in reply to: Clover Andrew: "Minor IE vulnerability: about: URLs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Julian Hall <julesat_private> wrote:

> Another approach would be to write your own version of the 
> about: protocol module, and point the server to your
> implementation DLL.

Aye, that would work. But after wandering aimlessly in the registry I've
stumbled upon a quicker workaround.

Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\ProtocolDefaults and add a DWORD, name 'about', value
'4'. This puts about: URLs in the Restricted Sites Zone. Hurrah!

-- 
Andrew Clover
Technical Consultant
1VALUE.com AG

Next message: bugzillaat_private: "[RHSA-2001:124-04] Updated mod_auth_pgsql packages available"
Previous message: zen-parse: "Advisory: Corrupt RPM Query Vulnerability"
Maybe in reply to: Clover Andrew: "Minor IE vulnerability: about: URLs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 10:34:10 PDT