Registry fixes for the recent IE vulnerabilities

From: Mike Cheng (
Date: 07/01/04


    Here are the fixes to patch the 2 vulnerabilities referenced here and here, and stop cross-zone scripting for IE without affecting daily web browsing abilities.

    1. Fix the vulnerability so you won't download files through a web page. Modify or add the following registry key to set a kill bit on this CLSID.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}]
    "Compatibility

    2. Change the security setting for the hidden "Local Computer Zone" in IE. To show the zone you need to modify the following registry key.

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    "Flags"=dword:00000001

    Then open up IE and go to "Tools" -> "Internet Options" -> "Security" tab -> click on the "My Computer" zone and set the "Custom" security to high.

    Doing this will affect the files that you open on the local machine, so if you are developing an app locally, remember to switch back to medium or low security.

    Here's a tip if you are a developer: add a new zone in the registry for unrestricted settings and add your machine name to the site.

    You can add a zone by exporting one of the keys under

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

    and modify it to your liking and add it back in the registry.
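
A read-only PowerShell check for the two settings described in the message, added here as an example and not part of the original post. The `0x400` kill-bit flag, the `0x20` hide-zone bit, the `CurrentLevel` values and the `WOW6432Node` path are assumptions taken from general Windows documentation rather than from the post; the function names are illustrative.

```powershell
# Added audit example (read-only). Constants not on the original page are marked.
$Clsid   = '{00000566-0000-0010-8000-00AA006D2EA4}'  # CLSID from the post
$KillBit = 0x400  # assumption: kill-bit flag in "Compatibility Flags"
$Hidden  = 0x20   # assumption: zone "Flags" bit that hides a zone in the UI

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-KillBit {
    param([string]$Id = $Clsid)
    # Second root is the 32-bit registry view on 64-bit Windows (not in the post).
    $roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $flags = Get-RegValue -Path "$root\$Id" -Name 'Compatibility Flags'
        [pscustomobject]@{
            Key        = "$root\$Id"
            Flags      = if ($null -eq $flags) { 'not set' } else { '0x{0:X8}' -f $flags }
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

function Get-LocalZoneState {
    # Zone 0 is the "My Computer" zone edited in step 2 of the post.
    $path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
    $flags = Get-RegValue -Path $path -Name 'Flags'
    $level = Get-RegValue -Path $path -Name 'CurrentLevel'
    # Assumption: standard template levels; any other value means custom settings.
    $names = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'; 0x12000 = 'High' }
    [pscustomobject]@{
        Flags     = if ($null -eq $flags) { 'not set' } else { '0x{0:X8}' -f $flags }
        ShownInUI = ($null -ne $flags) -and (($flags -band $Hidden) -eq 0)
        Level     = if ($null -ne $level -and $names.ContainsKey([int]$level)) { $names[[int]$level] } else { 'custom or unknown' }
    }
}

Test-KillBit | Format-List
Get-LocalZoneState | Format-List
```

Run it as the user whose IE profile is being checked, since the zone settings are read from HKEY_CURRENT_USER.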
