Chew
on that for a while and we??™ll discuss abusing the design factors of ActiveX controls later
in the chapter.
Internet Explorer Security Zones
One more piece of background knowledge you need to understand client-side browser
exploits is the idea of Internet Explorer security zones. Assigning websites to different
???zones??? gives you the flexibility to trust some websites more than others. For example,
you might choose to trust your corporate web server and allow it to run Java applications
while refusing to run Java applications from web servers on the Internet. The four builtin
IE security zones are Restricted Sites, Internet, Intranet, and Trusted Sites from least permissive
to most permissive. You can read about the default security settings for each
zone and how IE decides which zone the URL should be loaded in at http://msdn2
.microsoft.com/en-us/library/ms537183.aspx. There??™s also one implicit security zone
called Local Machine zone.
As you might guess, web pages loaded in the most restrictive Restricted Sites zone are
locked down. They are not allowed to load ActiveX controls or even to run JavaScript.
One important use for this zone is viewing the least trusted content of all??”e-mail. Outlook
uses the guts of Internet Explorer to view HTML-based e-mail and it loads content
in the Restricted Sites zone, so viewing in the Outlook preview pane is fairly safe.
Pages:
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652