These features help isolate Internet Explorer in the Internet zone from the rest of the
system, which greatly reduces the avenues of attack and the damage that can be done by
a malicious web site. Attacking a user??™s system with an ActiveX control, a Flash object,
JavaScript, or VBscript, should be more difficult to accomplish under IE 7 Protected
Mode without user interaction.
247
INDEX
?–? A
a (HTML), 72, 74
ActionScript, 30, 224, 227, 236
Active content, 80
ActiveX controls, 198??“222
attacks on, 209??“210
automated testing of, 213??“214
axenum/axfuzz, 214??“217
AxMan, 217??“219
buffer overflows, 208, 219
and C++, 199
and cab files, 204
dangerous actions with, 207
and DNS, 202??“203
flaws in, 201??“219
fuzzing of, 214
HTTPS requirement for, 209
in IE, 207??“208, 219??“222
invocation of, 202??“203, 211??“212
iSEC??™s SecurityQA Toolbar for, 213??“214
and Java applets, 200
and Microsoft, 198, 200, 222
preventing, 207??“208
protection of, 219??“222
safe for initialization, 205??“207
safe for shopping, 205??“207
script execution, 211
securing, 203, 208
SFS/SFI conversion, 208??“209
signing of, 203??“205
SiteLock for, 203
and SSL, 202
testing of, 212??“214, 219
unmarking scripts, 205??“207
URLRoot paths, 209
uses of, 200
and XSS, 202
ActiveX interface, 199
ActiveX methods, 199
ActiveX objects, 199
ActiveX Opt-In feature, 219, 243??“244
ActiveX properties, 199
ActiveX.
Pages:
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431