Re: Windows XP SP2 and IE 6.0 security settings -- web pages on local drive

From: PA Bear (PABearMVP_at_gmail.com)
Date: 02/04/05


Date: Fri, 4 Feb 2005 01:05:23 -0500

Description of the Internet Explorer Information Bar in Windows XP SP2
http://support.microsoft.com/?kbid=843017

There is a setting in IE Tools>Internet Options>Security>[zone]>Custom where
you can over-ride this behaviour. As doing so is a security risk, I will
not post it here in a public newsgroup. See the following KB articles for
some guidance:

Working with Internet Explorer 6 Security Settings
http://www.microsoft.com/windows/ie/using/howto/security/settings.asp

Use Security and Privacy Features in Internet Explorer 6
http://www.microsoft.com/windowsxp/pro/using/howto/security/ie6.asp

Setting Up Security Zones
http://www.microsoft.com/windows/ie/using/howto/security/setup.asp

-- 
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security
spam-hater wrote:
> I have a Windows XP Home SP1 system to which I have applied SP2.  The
> system is completely up-to-date according to Windows Update.   I am
> using Internet Explorer 6.0 with the default browser security
> settings.  This problem started after applying SP2.
>
> I have built several web sites on this machine. When these are
> uploaded to a server, I can view them with Internet Explorer 6.0
> without any problem. (IE 6 show the security zone as "Internet".)
>
> If I try to view the SAME files on my local drive, the "Information
> Bar" pops up with the message "To help protect your security, Internet
> Explorer has restricted this file from showing active content that
> could access your computer. Click here for options...". (IE 6 shows
> the security zone as "Local Intranet".)
>
> I have tried every Local Intranet security setting. There doesn't seem
> to be any way to display local web pages containing active content
> without a security alarm.  I've even tried defining the local
> directory as a Trusted site.
>
> Other software that generate local HTML that is viewed via Internet
> Explorer, Belarc Advisor for example, have the same problem.
>
> It looks to me like it's an Internet Explorer problem. I'm baffled as
> to why content from the Internet would be allowed, but the SAME
> content from a local drive would be disallowed.  (I guess it's because
> the pages are reading graphics and other content from the local
> drive.)
>
> If anyone knows of browser setting or some other work around that
> would eliminate this problem, I would be happy to try them.  According
> to a friend, it doesn't happen with the Firefox browser.  I would like
> to continue to use Internet Explorer to verify the sites. 


Relevant Pages

  • [NT] Microsoft Internet Explorer Drag-and-Drop Redeux
    ... Get your security news from a reliable source. ... Microsoft Internet Explorer suffers from a vulnerability in its handling ... Windows 98 Second Edition ... Set the "Web sites in less privileged content zone can navigate into ...
    (Securiteam)
  • ADODB.stream
    ... MICROSOFT RELEASES SECURITY UPDATE ... but it changes settings in Windows ... direct Internet Explorer browsers to automatically run the ... The software update covers Windows XP, ...
    (microsoft.public.security)
  • [NT] Microsoft Agent Remote Code Execution (MS07-020)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Outlook Express open HTML e-mail messages in the Restricted sites zone. ... section for more information about Internet Explorer Enhanced Security ...
    (Securiteam)
  • [NT] Vulnerability in Microsoft Agent Allows Code Execution (MS06-068)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... for more information about Internet Explorer Enhanced Security ... Configure Internet Explorer to prompt before running ActiveX Controls ...
    (Securiteam)
  • [NT] Vulnerability in Microsofts HTML Converter Could Allow Code Execution
    ... Beyond Security in Canada ... to promote the most advanced vulnerability assessment solutions today. ... Internet Explorer on Windows Server 2003 runs in Enhanced ... all intranet Web sites and all Universal Naming Convention paths ...
    (Securiteam)