Windows Internet Explorer enables you to select content in a webpage, drag it by using the mouse, and drop it elsewhere in the same webpage or in a webpage in a different Internet Explorer window.
After you install the cumulative update for Internet Explorer that is dated August 9, 2011, you can choose to prevent the drag-and-drop of content into a webpage that originates in a different domain. This can help avoid attacks where a malicious site may trick you into unknowingly selecting possibly sensitive content from one website and dropping the content into a possibly malicious website.
For more information about the cumulative update, click the following article number to view the article in the Microsoft Knowledge Base:
2559049 MS11-057: Cumulative Security Update for Internet Explorer: August 9, 2011
Summary
This article describes how to enable a fix to prevent the drag-and-drop of content into a webpage that comes from a different domain.
To have us enable this fix for you, go to the "Fix it for me" section. If you would rather enable this fix yourself, go to the "Let me fix it myself" section.
To enable this fix automatically, click the Fix this problem link under the "Enable this fix" heading. Then, click Run in the File Download dialog box, and follow the steps in the wizard.
To undo the fix and restore the original settings, click the Fix this problem link under the "Disable this fix" heading. Then, click Run in the File Download dialog box, and follow the steps in the wizard.
|
Enable this fix |
Disable this fix |
|---|---|
Notes
-
This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
-
If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.
Fix it for me
To enable this fix yourself, modify the following registry subkeys by using the values that are listed in the following registry value table.
Note Each subkey affects whether you can drag-and-drop content into a webpage in a particular Internet Explorer security zone.
To enable this fix for webpages in the Internet zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
To enable this fix for webpages in the Local Intranet zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
To enable this fix for webpages in the Trusted Sites zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
To enable this fix for webpages in the Restricted Sites zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
To enable this fix for webpages in the Local Machine zone:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
Registry value
|
Value Name |
Data type |
Value |
Meaning |
|---|---|---|---|
|
2708 |
dword |
0x03 |
Prevent the dragging of content from a webpage and dropping it into a webpage from a different domain but in the same window |
|
2709 |
dword |
0x03 |
Prevent the dragging of content from a webpage and dropping it into a webpage from a different domain in a different window |
Note These settings do not affect your ability to copy-and-paste content from one webpage to another webpage.
