Navigate

Check: DTBI024

Microsoft IE Version 7: DTBI024 (in version v4 r20)

Title

Initialize and script ActiveX controls not marked as safe for internet zone is not disabled. (Cat II impact)

Discussion

This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> "Initialize and script ActiveX controls not marked as safe" will be set to “Enabled” and "Disable" selected from down drop box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value 1201 is REG_DWORD = 3, this is not a finding.

Fix Text

Additional Identifiers

Rule ID: SV-16443r1_rule

Vulnerability ID: V-6245

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
No controls are assigned to this check