How to prevent cross-domain drag-and-drop functionality in Internet Explorer

Article translations Article translations
Article ID: 2581921 - View products that this article applies to.
This article describes how to enable a fix to prevent the drag-and-drop of content into a webpage that comes from a different domain.

To have us enable this fix for you, go to the "Fix it for me" section. If you would rather enable this fix yourself, go to the "Let me fix it myself" section.

Expand all | Collapse all

SUMMARY

Windows Internet Explorer enables you to select content in a webpage, drag it by using the mouse, and drop it elsewhere in the same webpage or in a webpage in a different Internet Explorer window.

After you install the cumulative update for Internet Explorer that is dated August 9, 2011, you can choose to prevent the drag-and-drop of content into a webpage that originates in a different domain. This can help avoid attacks where a malicious site may trick you into unknowingly selecting possibly sensitive content from one website and dropping the content into a possibly malicious website.

For more information about the cumulative update, click the following article number to view the article in the Microsoft Knowledge Base:
2559049 MS11-057: Cumulative Security Update for Internet Explorer: August 9, 2011

MORE INFORMATION

To enable this fix automatically, click the Fix this problem link under the "Enable this fix" heading. Then, click Run in the File Download dialog box, and follow the steps in the wizard.

To undo the fix and restore the original settings, click the Fix this problem link under the "Disable this fix" heading. Then, click Run in the File Download dialog box, and follow the steps in the wizard.


Collapse this tableExpand this table
Enable this fixDisable this fix
Fix this problem
Microsoft Fix it 50743
Fix this problem
Microsoft Fix it 50742

Notes
  • This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
  • If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.

Let me fix it myself

To enable this fix yourself, modify the following registry subkeys by using the values that are listed in the following registry value table.

Note Each subkey affects whether you can drag-and-drop content into a webpage in a particular Internet Explorer security zone.

To enable this fix for webpages in the Internet zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

To enable this fix for webpages in the Local Intranet zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1

To enable this fix for webpages in the Trusted Sites zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

To enable this fix for webpages in the Restricted Sites zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4

To enable this fix for webpages in the Local Machine zone:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

Registry value

Collapse this tableExpand this table
Value NameData typeValueMeaning
2708dword0x03Prevent the dragging of content from a webpage and dropping it into a webpage from a different domain but in the same window
2709dword0x03Prevent the dragging of content from a webpage and dropping it into a webpage from a different domain in a different window

Note These settings do not affect your ability to copy-and-paste content from one webpage to another webpage.

Properties

Article ID: 2581921 - Last Review: August 9, 2011 - Revision: 1.0
APPLIES TO
  • Windows Internet Explorer 9, when used with:
    • Windows 7 Service Pack 1
    • Windows 7 Enterprise
    • Windows 7 Home Basic
    • Windows 7 Home Premium
    • Windows 7 Professional
    • Windows 7 Starter
    • Windows 7 Ultimate
    • Windows Server 2008 R2 Service Pack 1
    • Windows Server 2008 R2 Datacenter
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Foundation
    • Windows Server 2008 R2 Standard
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
  • Windows Internet Explorer 8, when used with:
    • Windows 7 Service Pack 1
    • Windows 7 Enterprise
    • Windows 7 Home Basic
    • Windows 7 Home Premium
    • Windows 7 Professional
    • Windows 7 Starter
    • Windows 7 Ultimate
    • Windows Server 2008 R2 Service Pack 1
    • Windows Server 2008 R2 Datacenter
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 for Itanium-Based Systems
    • Windows Server 2008 R2 Foundation
    • Windows Server 2008 R2 Standard
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows Server 2003 Service Pack 2
  • Windows Internet Explorer 7, when used with:
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Internet Explorer 6.0, when used with:
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows Server 2003 Service Pack 2
Keywords: 
kbfixme kbmsifixme kbexpertiseinter kbprb kbsurveynew KB2581921

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com