Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Microsoft signed software can be install software without pro mpting users
From: ACR () ALS CO UK (Alan Ramsbottom)
Date: Mon, 21 Feb 2000 22:51:41 -0000


From: "Juan Carlos Garcia Cuartango" <cuartango () teleline es>

I have prepared a demo in
http://www.angelfire.com/ab/juan123/iengine.html

Which says:

"How to close the back door

 Disable the "Download signed ActiveX" security option".
 But this solution will also forbid other software manufacturers
 to offer you their software in the clear way, that is :
 asking before install. As usual, you can also disable
 JavaScripting as an alternative to the first solution."

Disabling the specific control rather than all component download or jscript
might be preferable for some folk.

When Juan found the problem with the DHTML Edit control last year, someone
from MS intriguingly mentioned "classid revocation" as a means to disable a
specific control. We didn't get any useful details at the time, but some
info finally surfaced in the MS KB article Q240797.

NB: I've only tested this under W2K+IE5 and don't blame me if things break:

1) Run up a registry editor and go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\

2) Create a new key based on the CLSID of the Active Setup controls:

{6E449683-C509-11CF-AAFA-00AA00B6015C}

3) Under your new key, create the REG_DWORD value:

Compatibility Flags      0x00000400

This sets the "kill bit" for the Active Setup control i.e. stops it from
being run via IE. This can be reversed by deleting the value or the whole of
your new key.

PS: Does anyone know the definitions for the other flag bits?

-Alan-


  By Date           By Thread  

Current thread:
  • Re: Microsoft signed software can be install software without pro mpting users Alan Ramsbottom (Feb 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]