Check: DTBI940
Microsoft Internet Explorer 10 STIG:
DTBI940
(in versions v1 r16 through v1 r14)
Title
Scriptlets must be disallowed (Restricted Sites zone). (Cat II impact)
Discussion
This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone are more likely to contain malicious code. If you enable this policy setting, users will be able to run scriptlets. If you disable this policy setting, users will not be able to run scriptlets. If you do not configure this policy setting, a scriptlet can be enabled or disabled by the user.
Check Content
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone "Allow Scriptlets" must be "Enabled", and "Disable" selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value 1209 is REG_DWORD = 3, this is not a finding.
Fix Text
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone "Allow Scriptlets" to "Enabled", and select "Disable" from the drop-down box.
Additional Identifiers
Rule ID: SV-45301r1_rule
Vulnerability ID: V-22637
Group Title: DTBI940 - Scriptlets - Restricted
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |