Welcome to WebmasterWorld Guest from 54.167.0.111

Forum Moderators: open

Message Too Old, No Replies

Do *.hta cause security warning in SP2?

Do *.hta cause security warning in SP2?

     

affter333

3:07 pm on Dec 2, 2004 (gmt 0)



Hi:
I intent to write some hta and let my visitors save to HD
and run it locally, I don't want my hta look suspicious. So
which one cause security warning in SP2?(default setting)

1. Start/click on HTA page in local zone.
2. Hta tries to access FSO (FileSystemObject)
2. Hta tries to WScript.Shell

Don't have XP, can't test it. really appreciate any info..

Thanks for your kind help....
================================================================
TEST.HTA

<HTML>
<a href="#" onclick="fso=new ActiveXObject('Scripting.FileSystemObject')">FSO</A>
<BR><BR>
<a href="#" onclick="wsh=new ActiveXObject('WScript.Shell')">WScript.Shell</A>
</HTML>
================================================================

DrDoc

1:28 am on Dec 3, 2004 (gmt 0)

WebmasterWorld Senior Member drdoc is a WebmasterWorld Top Contributor of All Time 10+ Year Member



No security warnings should be generated for either of them (tested, and did not receive any), since it's all run locally. Also, that's the way HTA's are designed, to allow privileged access in a normally insecure environment.

ricfink

3:36 am on Dec 7, 2004 (gmt 0)

10+ Year Member



Be aware that the default settings for both Norton and McAfee antivirus might detect some of the actions the HTA takes as suspicious and suspend operation until the user clicks OK.
I had a particular problem with an HTA that used WSH Sendkeys. Norton prevented it.
Had to go into Norton's settings to disable that behavior.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month