Zone file launch

Risk Level: Low risk vulnerability  Low

Check or Attack Name: Zone file launch
Platforms: Windows NT, Internet Explorer
Description:

The security zone settings allow files or applications to be launched directly from the URL security zone of the HTML page that contains the file or application. Potentially malicious files or applications may automatically execute on the host without the user's knowledge.
Remedy:

Depending on your version, select one of the following choices in Internet Explorer:

  • For Internet Explorer 4.x:

    1. Open Internet Explorer 4.x.
    2. From the View menu, select Internet Options.
    3. Click the Security tab.
    4. Select the appropriate Zone.
    5. Click Custom (for expert users).
    6. Click Settings.
    7. Disable Launching applications and files in an IFRAME.
    8. Click OK twice to apply the changes.

  • For Internet Explorer 5.x:

    1. Open Internet Explorer 5.x.
    2. From the Tools menu, select Internet Options.
    3. Click the Security tab.
    4. Select the appropriate Zone.
    5. Click Custom Level.
    6. In the Miscellaneous area, disable Launching programs and files in an IFRAME.
    7. Click OK twice to apply the changes.
References:
X-Force Logo
Know Your Risks