Helpful Information
 
 
Category: Computing & Sciences
Registry and Web(Any of the Above)

PI:
Not so recently, I went to a Web site which, without my knowledge (which couldn't of been too hard,
seeing as IE's security was set to an all time low, just covering ActiveX and FileDownloads), and inserted a
value/data pair into my registry, forcing two instances of IE (or the default browser, I'm not sure, because
the former and the latter were the same at the time) to open going to the home page, which it required
to default back to itself (how convenient).

Needless to say, this was annoying.

PII:
But back to the future, or present, more recently another site arranged(How I don't know) to change my
registry in a more intriguing area(*hits F7*), namely:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt,
enabling a new option on the right click menu of IE.

PIII:
In another encounter with the third kind, I noticed that once when viewing a certain page, on right click
under "encoding", appeared an option for "LTR" or "RTL", which has the same effect as the "dir=" in the
<body>(?) tag.

PIV:
Under:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components
Are the list of Active Desktop Components, now when merging an exported Registry file with fewer Entries
than that of the current Key, It merely overlaps.

So my questions are:

(1)P#I:
Was PI a security issue? Or can a page actually edit your
registry?
(2)P#II:
To implement a similar effect (Menu Selection) in the registry,
what value/data pairs would I have to insert\would be valid?
(3)P#III:
Was this an IE default implemented within the document, or
a registry screw-up? If the latter(either actually), how was it
implemented?
(4)PIV:
So, is there a way to force a complete overwrite of the specified
Key (To prevent cave-men from infiltrating and 'accidently' deleting
the contents of a purposely hidden file/folder)

Thanks,
Guardian

PS. As the header implies: Any of the Above

&nbsp;&nbsp;PSS. In case of misunderstanding:
&nbsp;&nbsp;Q(1) Was to fix the security issue
&nbsp;&nbsp;Q(2) Was to implement a similar effect
&nbsp;&nbsp;Q(3) Was to activate the Menu selection &nbsp;&nbsp;indiscriminately
&nbsp;&nbsp;Q(4) Was to do exactly what it sounds like.

Main Body:
&nbsp;If I'm violating any ethical codes here, please let me know, I'm
not actually trying to reverse engineer stuff or anything like
that. If there's a problem, please let me know... I'll understand,
it's not everyday (well maybe it is) that someone tries to fool
around in the registry. It all started when Q(1) came knocking.

Thanks,
&nbsp;Guardian

Under your security settings in IE, what level is the 'Internet Zone' set to? It should be medium. If it is lower, thats what allowed malicious code to be ran on your computer.

&nbsp;Well, at the time I think it was configured to allow cookies from all sites, and to allow scripts to run
at will, but not to allow ActiveX or "Unsigned Java Applets" I think it was. So I can't of what the
"malicious"(although it didn't do much) code could have been in.

&nbsp;I don't think that JavaScript or VBScript could have done it, where as something written in the
C(++) family definitely could have, I'm at a loss for words here.

&nbsp;But perhaps... could VBScript have done something indirect to the registry if IE's hole in
the security allowed it to run?

Thanks,
&nbsp;Guardian

PS. Just for the record, PII feels like deja vu, it happened again, but the security is on Med.

If your security settings are suitably low, VBScript could format your c: drive

hi
i don't know if i should post this here but i am trying to build an a javascript page that would control an activex menu. This menu will dynamically change everytime a user enters in their favourite website and name of web site. I think i will need to use an array but i cannot seem to find out how to chnage a activex menu to whatever is entered into a text box
Can anyone help!!!

P2:
That involves working with regedit, so be careful. That's a very simple example:

Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

Edit>New Key

name it "Change title" (without the quotes)

Default value to "C:\WINDOWS\WEB\ChTitle.htm"


Chtitle.htm (save it to C:\WINDOWS\WEB)



<HTML>
<SCRIPT LANGUAGE="JavaScript" defer>
var parentwin = external.menuArguments;

var noutitol = parentwin.prompt(" New title? ",parentwin.top.document.title);

if (noutitol != null)
{
parentwin.top.document.title =noutitol;
}

</SCRIPT>
</HTML>


Restart ie and now you can change the title of the current page from the context menu










privacy (GDPR)