URL security zone unsigned ActiveX download

Risk Level: Medium risk vulnerability  Medium

Check or Attack Name: Zone unsigned download
Platforms: Internet Explorer
Description:

The security zone settings allow unsigned ActiveX controls to be downloaded directly from the URL security zone of the HTML page that contains the control. Potentially malicious ActiveX controls may be automatically downloaded.
Remedy:

Depending on your version, select one of the following choices in Internet Explorer:

  • For Internet Explorer 4.x:

    1. Open Internet Explorer 4.x.
    2. From the View menu, select Internet Options.
    3. Click the Security tab.
    4. Select the appropriate Zone.
    5. Click Custom (for expert users).
    6. Click Settings.
    7. In the ActiveX Controls and Plugins area, disable Download Unsigned ActiveX Controls.
    8. Click OK twice to apply the changes.

  • For Internet Explorer 5.x:

    1. Open Internet Explorer 5.x.
    2. From the Tools menu, select Internet Options.
    3. Click the Security tab.
    4. Select the appropriate Zone.
    5. Click Custom Level.
    6. In the ActiveX Controls and Plugins area, disable Download Unsigned ActiveX Controls.
    7. Click OK twice to apply the changes.
References:
X-Force Logo
Know Your Risks