Internet Explorer ??? ??????? ?? ????????? ?? ????? ??????? ???? ????? ????? ?????? ????????? ?? ??? ??

???? ?????? ???? ??????
???? ID: 232077 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.
??? ?? ??????? ???? | ??? ?? ??????? ????

?? ????? ??

?????

?? ??? ??????, particularly ????????? intranets ?? ????????? ??????? ?? ??? ?? ??????? ?????? ?? ????????? ???? ?? ??? ?????????? ?? ???????? ??? Obvious ??????? ?????? ??, Internet Explorer ???????? ??? ?? ???? ?? ??? ?? ??????? ??? ??? ???????? ?? ???? ??????? ??????? ??????? ?????????? ?? ??? ??? ??????? ????? ????? ????? ?? ????????? ??? ???? ??? ????????? ?????? ????? ?? ???

?? ???????????? ???????? ???????????? ????? ??? ???? ?? ??? preventable ???? ??? ????? ????? HTML ???, ????? ??? ????????? ?? ????? ????? ???? ????WebBrowser????????, ?? ??????????? ??????? ???? ???????

???????????, ?? ????? ????? ??? ??? ???-?????? ??????? ?? ??? ????? ?? ???????? ???????? ????? ??????? ?? ????? ?? ??? ????? ???? ?? ??? ?????? ?? ?? ????? ?? ?????? disruptive ?? ???? ???? ?? ???? ?? ???? ?? ????????? ?? ??????? ?? ????????? ???? ?? ??? ?? ???????? ???????? ??????? ?? ????? ???? ???

???? ???????

Internet Explorer ?? ????????? ???? ??????? ??????????????? ?? ?????? ?? ??? ????? ?????: ??????? ?? ??????? ???????? ????, ???????? ??? ???? ??????? ?????????? ????????? ?? ???? ???????? ??? ?? ?????????? ?????? ?? ??? ????? ??????? ??????? ????????? ???? ????? Furthermore, ??? ?????? ??? traditionally ????? ???? ???? ?? ??? ???????? ????? ??????? ?? ??? ?? ???? intentions: ???? intends ?????????? ?? ??? ?? ?? ???? ?? ?? ????? ?? ????????? ???? ?? ??? ?? ??? ?????? ?? ???? ???????????, ??? ???? ??? ?? ???? ??? (???? ?? ??? HTML ?????????<a></a>) ?? ???? ?? ??????? ???????????? ???????? ???? ?? ?? ?????? ?? ?? ???? ??????? ???? ?? ??? ?????? ????? ???? ?? ??? ??? ???? ?? ??? ?????? ????? ??? ??????, ????? ?? burden ?? ?? ??????????? ?????????? ?? ??? ?? ???? ?? ????? ?? ???? ?? ?????? ?? ??? ????? ?? ???? ?????

Internet Explorer decides ????????? ???? ?? ??? ?? ????????? ???????????? ????? ??????? ???? ????? ????????? ?? ???? ?? ??? ?? ?? ?? ????? ???? ???? ???? ??? ????????? ?? ??? ????????? ??? ??? ?? ??? ??? ??????? ?? ??????? ???????? ?? ??? ?????????? ?? ???? ?? ???? ????? ?????? ?? ???? ????? ?? ???? ????? ??????????? ????? ????? ???, ?? ?? ??? ????? ????? ?????? ??? ?? ??????? ????? ?????? ?? ???? ????????? ???? ?? ??? Internet Explorer ?? ??? ?????? ???? ??? ???????????? ??? ?? ?????? ?? ??? ???? ???????? ?????? ??????? ????????? ????? ??? ?? ?????? ?? ??????????? ??????flipping ????????????? ?? ??? ????? ?? ?????? ??????? ?????.

However, Internet Explorer contains a predefined, hard-coded list of file extensions that it inherently distrusts. These extensions correspond to generic executables and other kinds of files that have the capability to harm the user's machine without the proper security safeguards. The????? ???????dialog box cannot be prevented for any files of these types. The?? ?????? ?? ???? ????? ?? ???? ????? ?????option will be grayed out on the dialog box and you will not be able to select it. Following is the list of the file extensions for these file types.
?? ?????? ?? ??????? ?????? ?????? ?? ??????? ????
.ade.csh.lnk.mda.pif.vb
.adp. exe.mad.MDB.prf.VBE
.app.fxp.maf.MDE.prg.vbs
.asp. hlp.mag.mdt. pst.vsd
.bas.hta.mam.mdw. reg.vsmacros
.bat. inf.maq.mdz.scf.vss
.CER.INS.MAR.msc.scr.vst
. chm.ISP.mas.MSI.sct.vsw
.cmd.its.mat.MSP.shb.ws
.com.js.mau.mst.shs.wsc
.cpl.jse.mav.OPS.tmp.wsf
.crt.ksh.maw.pcd.url.wsh
?? ????? ?? ??? ??? ?? ???? ?? ???????? ???? ?? ???? ?? ?????? ?? ??????? "???????? ?????" ??????? ?? ??? ????

?? ??? ???????? ??? ??? ?? ???????? ????? ?????? ?? ?? ???? ?????? ?????? ????????? ????????? ??? ???? ?? ???????? ?? ????? ????? ?????? ?? ??????? ?? ????? ????? ?? ??? ?????? ???? Given ?? ???????????????? ???? ???? ?? ?? ??? ????????? ???? corporation ???????? ???? ?? ??? (well, ??? ?? ???? ??????? ???????? ????????? ?? ??? ??? ???????? ?? ??? ???), ??? ???-??? ??? ?? ??? ?????????? ?? ??? ???????? tedious ?? ???? ???????? ???????????? ????? ???, ????? ??? ?? ??? ????? ???? ?? ?? ????? ?? ????? ???? ???? ???

??? ?? ??? ???????? ????? ??????? ?? ??????????? ???? ??? ?? ?? ?????????? ?????? ???? ?? ????????? ??, ?? Internet Explorer ??? ?? ????????? ?????????? ???????????? ????? ?? ??????? ?? ??? ?? .. Worse ??? ??, hapless ??? ?????? ?? ??? Windows UNC ?????????--"\\server\share" ????????? ?? ??? ????? ?? ??????--??? ??? iniquity ?? ??? ?????

???????? intranets ?? ??? ?? ?? ?? ???? ?? ???????? ???? ?? ?? ??? ??? ????? ????????? ?? ??? ??????IFRAME ?? ????. ??????? ?????? ?? ???? ?? ????? ???? ???? ?? ???? ??, ????? ?? ???? ?? ???????? ???? ?? ?? ??? ??? ?? ?? ???? ?? ????? ?? ???? ?????????? ??? ??????? ?? ????. (Latter ???? ?????? ?? corporations, ???? ?? ??? ????.)

???:??????? ??????? ???? ?? ????? ??????? ??? ?? ?????? ??????? ????? ????? ??? ?????? ???? ?? ?????? troublesome????? ???????????? ????? ???, though, ?? ??????? ????? ????? ?? ??? ??? controllable ???? ??????-?????? ??????? ?????? ??? IFRAME ??????? ???? ???? ?? ??? ??, ?? ??? ????? ????? ????? ?? ???? ?? ?? ???? "?? ???? ?? ?????? ???? ?? ??? ????????? ?? ???? ??..." ?? ????? ??????? ?????? ?????? ????????? ????????????? ?? ?????? ??? ??? IFRAME ????? ????. ??????? ??? ?? ??? ??????? "???? ?? ??????? ???? ?? ?????..." ?????, reads ????? ?? ???? ?? ?? ????? ????? ?? ???? ?? ????? ??????? ?????? ?????? ????????? ????????????? ActiveX ???????? ??????? ????.

??? ?? ???? ????????? ??????? ??? ?? ???? ??? ??????? ?? ????? ???? ?? ???????? ?? ?? ?? ???????? ???????? ???????? ?? ????????? ?????????? ?? ?????? ??? ???? ?? ??? ???????????? ?? ??? ??? ??? ???? Internet Explorer ?????????? ??? (IEAK) ???????? ?? ??????? ???????? ???????? ???? ?? ???? ?? ??? ?????????? ?? ??? ?? ???? ??????? ?????? ???? ??? ???? ??????? ?? ???, ????? Microsoft TechNet ??? ???? ?? ????:
HTTP://TechNet.Microsoft.com/en-us/IE/bb219517.aspx
??????? ?????? ?? ????????? ????????????????????? ?? ???? ??? ???? ?? ????? ?? ??? ??? ??????? ???????? ??? ???????? ???? ?? ???????? ??? ???????, ?????? altered ??????? ?? ???????? ????? ?????? ??, ?????????? "????????? ??????" ?? ???? ??? ???? ??? ???? ????????????? ????????????? ??? ?????? ?? ????? ???? ????? ?? ????? ?? ?? ??? ???????? ??????? ?? ?? ?? ???? ??? ????? ??????? ????????? ?? ???? ??? ??????

IFRAME ?? ????

?? ?????? ??? ??? ??? exploits ???????? (<iframe>) ???????? ?? ???? Explorer ???? ???? ???? ????? ??? ????????? ???? ?? ??? Internet Explorer ?? ??????? ?? ????? ?? ???? ????:</iframe>
  1. ??????? ???? ?????? ?????????? ????? ?? Windows UNC ?? ?????? ?? ?????? ???? ?? ??? ????????? ????????? ????????? ?? ???? ????? ?????, ????, ?? ?????????? ??? ?? ?????
  2. ???????? ???????? ????? ????? ?? ??? ?? ??? ?????????? ?????, ?? ?????????? ??? ??????? ?? ????????? ?????? ???????????? ??? ???????? ????? ????? ?? ??? ?? ??? ?? ?? ????? ???? ??????
  3. Wherever ???????? ????? ?? ???? ????????? ???? ?? ????? ?? ???? ???, ?? ????? ??????? ?? HTML ????? ???:
    Click on the icon in the following window to run this very special 
    program automatically without annoying dialog boxes:
    
    <IFRAME SRC="\\server\share\directory"></IFRAME>
    						
    ??? ????? ?????????? ???, ????? ????? ?? ?? HTML ??? ???? ????? ??????
?????? ???? ?????????? ?? Explorer ???? ????? ????? ??? ????? ???? ??? ????????? ???? ?? ?????????? ???? ????? ??? ????? ?? ????? ???? ??, ?? ????? ?? ??? ?? ??? ??? ??? ?????????? ??? ???????? Windows Explorer ????? ??? ????? ????? ?? ????? ???? ???

??????? ??? ??????? ?? ????

?? complicated ?????? ??? ??? ??? bypasses ??????? ????? ??????? ????????? ?? ?????? ??????? ??? ??????? utilizing. ActiveX ???????? ?? ???? ??????? ??? ?????????? ???????? ??? ?? ??????? ???? ?? ??? ??? ????? ?? ?????? ???? ?? ?? Internet Explorer ?????? ?? ??????? ??????? ??? ??? Files obtained through Internet Code Download pass through the ActiveX security framework, which is controllable by security options.
  1. If the "executable file" is not a signable PE (.exe) such as a .bat file, then the file must be packaged in a .cab file with an INF in the following form.
    [version]
       signature="$CHICAGO$"
       AdvancedINF=2.0
    [Add.Code]
       file.zzz=file.zzz
    [file.zzz]
       clsid={15589FA1-C456-11CE-BF01-00AA0055595A}
       FileVersion=1,0,0,0
       hook=zzzinstaller
    [zzzinstaller]
       run=%EXTRACT_DIR%\file.zzz
    						
    Replace the instance of File.zzz above with the executable file to be run.

    For more information about how to package the .cab file, visit the following Microsoft Developer Network (MSDN) Web site:
    http://msdn.microsoft.com/en-us/library/aa741200(VS.85).aspx
  2. Ensure that the .exe (or .cab) is code-signed. If the .exe has not been signed, this can be done using the CryptoAPI Authenticode Code Signing tools. Refer to the CryptoAPI documentation in the MSDN Platform SDK under the "Security" heading for more information.

    ??????? ?????? ??, ?? ????? ?? ??? ??? ????????? ???? ?? ????????? ?? ??????? ?? ??????? ???? ?????????? ?? ???? ????? ?????? ????????? ??? ???? VeriSign ????? ?????????? ?? costly ?????? ???? ?? ????? ?? ????????? ?? ???? Microsoft ?????????? ????? ?????? ???? ????? ?? ?????? ?????? ??? ????????? ?????
  3. ????????? ????? ?? ???? ??????????? ??? ?? ????? ???? ?? ??? ?????? ?? ???? ?? ??? ??? guideline ?? ??? ??? ?? ?????? ????? ?? ????? ????:
    <HTML><HEAD><TITLE>Page of executable links</TITLE></HEAD>
    <BODY>
    <BR/>
    
    <!-- hyperlink uses central script function called linkit() -->
    <A HREF="" onclick="return linkit('signed-testfile.exe');">
    SIGNED-CLOCK.EXE</A>
    
    <SCRIPT>
    // linkit puts filename into HTML content and spews it into iframe
    function linkit(filename)
    {
       strpagestart = "<HTML><HEAD></HEAD><BODY><OBJECT CLASSID=" +
          "'CLSID:15589FA1-C456-11CE-BF01-00AA0055595A' CODEBASE='";
       strpageend = "'></OBJECT></BODY></HTML>";
       runnerwin.document.open();
       runnerwin.document.write(strpagestart + filename + strpageend);
       window.status = "Done.";
       return false;  // stop hyperlink and stay on this page
    }
    </SCRIPT>
    
    <!-- hidden iframe used for inserting html content -->
    <IFRAME ID=runnerwin WIDTH=0 HEIGHT=0 SRC="about:blank"></IFRAME><BR/>
    
    </BODY></HTML>
    					
?? ?????-???? ?????? Microsoft ?? ???????? ???????? ?????? ??????? ??? ?? ??? ????? ?? ???? ????? ???? ??.. Microsoft ?? ???????? ?? ????? ???????? ?? ??????????? ?? ???? ??? ??? ?? ??????, ?????????? ?? ???? ???? ?????? ?? ??? ???? ??..

???

???? ID: 232077 - ????? ???????: 22 ??????? 2011 - ??????: 3.0
???? ???? ???? ??:
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 6.0
??????: 
kbdhtml kbinfo kbnavigation kbsecurity kbmt KB232077 KbMthi
???? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:232077

??????????? ???

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com