IE security patch security update 896358 and CHM files

Discussion:

(too old to reply)

Momo

2009-06-24 09:51:28 UTC

Hi,

We have an issue with an IIS website which launches a local CHM file
located on users workstations. THe website has a link to a CHM file
that is located on each users c:\ with the following command

mk:@MSITStore:C:\Program%20Files\Helpfile\Test.chm::/343.htm

I did some searching and found this feature was disabled by a Windows
security update 896358, I've looked at the document and tried the
registry settings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"MaxAllowedZone"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"UrlAllowList"="http://www.wingtiptoys.com/;http://www.contoso.com/"

and also

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"NestedProtocolList"="http:;ftp:"

but doesn't seem to fix the problem, can anyone give me some advice
please.

Many thanks

m***@gmail.com

2009-06-24 10:04:45 UTC

Permalink

Can someone tell me whats the syntax for a local file mk:@MSITStore:C:
\Program%20Files\Helpfile\Test.chm::/343.htm

is this correct?

"UrlAllowList"="C:\\Program%20Files\\Helpfile\\Test.chm;file://;"

What I'm actually finding is when I click on the IIS URL website thats
supposed to launch this CHM I get no response at all - there's no pop-
up IE or error message.

many thanks

m***@gmail.com

2009-06-24 14:13:15 UTC

Permalink

Actually I've just done some testing on one of our websites to have
the IIS page link a CHM to a file located on a network drive which
works by adding the

URLAllowList K:\\helpfile.chm;file://;

and now it works fine.

But what I actually want to do is have the URL point to a local file
on my c:\ which I have tried but when I tried using

URLAllowList C:\\helpfile.chm;file://;

it doesn't work.

Is there something wrong with the syntax or something?

Cheers

m***@gmail.com

2009-06-24 16:04:55 UTC

Permalink

Guys I;m starting to get a bit confused here whether the issue I'm
facing is got to do with the IE "URLAllowList C:\
\helpfile.chm;file://; " setting or more to do with the "IE Zone
elevation" security becuase from more of the research I've done seems
to be pointing to zone elevation where a given website zone eg.
"Intranet Zone" is trying to just across to another security zone when
the webiste tries to access the file located on my c:\help.chm file.

If thats the case I've looked at the registry settings for that I
think under;
CU\Software\Microsoft\CurrentVersion\Internet Settings\LockdownZone\0
something like that and changing the 2101 value to "0" but even this
hasn't work.

I've tried modifying the webpage and even have to try to point to a
local c:\text.xtx document and even that doesn;t seem to work

and also tried the

HKCU\Software\Microsoft\Internet Explorer\Main

Disable_Local_Machine_Navigate = 0 (REG_DWORD)

and that doesn't work either.

Were running WinXP SP2 with IE6 Sp2.

Cheers