.NET Framework
|
|
|
H
|
MH
|
M
|
ML
|
L
|
|
1
|
Loose XAML
|
D
|
D
|
E
|
E
|
E
|
|
2
|
XAML browser applications
|
D
|
D
|
E
|
E
|
E
|
|
3
|
XPS documents
|
D
|
E
|
E
|
E
|
E
|
.NET Framework-reliant components
|
|
|
H
|
MH
|
M
|
ML
|
L
|
|
4
|
Permissions for components with manifests
|
D
|
H
|
H
|
H
|
H
|
|
5
|
Run components not signed with Authenticode
|
D
|
E
|
E
|
E
|
E
|
|
6
|
Run components signed with Authenticode
|
D
|
E
|
E
|
E
|
E
|
ActiveX controls and plug-ins
|
|
|
H
|
MH
|
M
|
ML
|
L
|
|
7
|
Allow ActiveX Filtering
|
E
|
E
|
E
|
D
|
D
|
|
8
|
Allow previously unused ActiveX controls to run without
prompt
|
D
|
D
|
E
|
E
|
E
|
|
9
|
Allow Scriptlets
|
D
|
D
|
D
|
E
|
E
|
|
10
|
Automatic prompting for ActiveX controls
|
D
|
D
|
D
|
E
|
E
|
|
11
|
Binary and script behaviors
|
D
|
E
|
E
|
E
|
E
|
|
12
|
Display video and animation on a webpage that does not
use external media player
|
D
|
D
|
D
|
D
|
D
|
|
13
|
Download signed ActiveX controls
|
D
|
P
|
P
|
P
|
E
|
|
14
|
Download unsigned ActiveX controls
|
D
|
D
|
D
|
D
|
P
|
|
15
|
Initialize and script ActiveX controls not marked as
safe for scripting
|
D
|
D
|
D
|
D
|
P
|
|
16
|
Only allow approved domains to use ActiveX without
prompt
|
E
|
E
|
D
|
D
|
D
|
|
17
|
Run ActiveX controls and plug-ins
|
D
|
E
|
E
|
E
|
E
|
|
18
|
Run antimalware software on ActiveX controls
|
E
|
E
|
D
|
D
|
D
|
|
19
|
Script ActiveX controls marked safe for scripting*
|
D
|
E
|
E
|
E
|
E
|
Downloads
|
|
|
H
|
MH
|
M
|
ML
|
L
|
|
20
|
File download
|
D
|
E
|
E
|
E
|
E
|
|
21
|
Font download
|
D
|
E
|
E
|
E
|
E
|
ETC
|
|
|
H
|
MH
|
M
|
ML
|
L
|
|
22
|
Enable .NET Framework setup
|
D
|
E
|
E
|
E
|
E
|
Miscellaneous
|
|
|
H
|
MH
|
M
|
ML
|
L
|
|
23
|
Access data sources across domains
|
D
|
D
|
D
|
P
|
E
|
|
24
|
Allow dragging of content between domains into separate
windows
|
D
|
D
|
D
|
D
|
D
|
|
25
|
Allow dragging of content between domains into the same
window
|
D
|
D
|
D
|
D
|
D
|
|
26
|
Allow META REFRESH
|
D
|
E
|
E
|
E
|
E
|
|
27
|
Allow scripting of Microsoft web browser control
|
D
|
D
|
D
|
E
|
E
|
|
28
|
Allow script-initiated windows without size or position
constraints
|
D
|
D
|
D
|
E
|
E
|
|
29
|
Allow webpages to use restricted protocols for active
content
|
D
|
P
|
P
|
P
|
P
|
|
30
|
Allow websites to open windows without address or
status bars
|
D
|
D
|
E
|
E
|
E
|
|
31
|
Display mixed content
|
P
|
P
|
P
|
P
|
P
|
|
32
|
Don't prompt for client certificate selection when only
one certificate exists
|
D
|
D
|
D
|
E
|
E
|
|
33
|
Drag and drop or copy and paste files
|
P
|
E
|
E
|
E
|
E
|
|
34
|
Enable MIME Sniffing
|
D
|
E
|
E
|
E
|
E
|
|
35
|
Include local directory path when uploading files to a
server
|
D
|
D
|
E
|
E
|
E
|
|
36
|
Launching applications and unsafe files
|
E
|
E
|
E
|
E
|
E
|
|
37
|
Launching programs and files in an IFRAME
|
D
|
P
|
P
|
P
|
E
|
|
38
|
Navigate windows and frames across different domains
|
D
|
D
|
D
|
E
|
E
|
|
39
|
Render legacy filters
|
D
|
D
|
E
|
E
|
E
|
|
40
|
Submit non-encrypted form data
|
P
|
E
|
E
|
E
|
E
|
|
41
|
Use Pop-up Blocker
|
E
|
E
|
E
|
D
|
D
|
|
42
|
Use SmartScreen Filter
|
E
|
E
|
E
|
D
|
D
|
|
43
|
Userdata persistence
|
D
|
E
|
E
|
E
|
E
|
|
44
|
Websites in less privileged web content zone can
navigate into this zone
|
D
|
E
|
E
|
E
|
P
|
Scripting
|
|
|
H
|
MH
|
M
|
ML
|
L
|
|
45
|
Active scripting
|
D
|
E
|
E
|
E
|
E
|
|
46
|
Allow Programmatic clipboard access
|
D
|
P
|
P
|
E
|
E
|
|
47
|
Allow status bar updates via script
|
D
|
D
|
E
|
E
|
E
|
|
48
|
Allow websites to prompt for information using scripted
windows
|
D
|
D
|
E
|
E
|
E
|
|
49
|
Enable XSS filter
|
E
|
E
|
E
|
D
|
D
|
|
50
|
Scripting of Java applets
|
D
|
E
|
E
|
E
|
E
|
User Authentication
|
|
|
H
|
MH
|
M
|
ML
|
L
|
|
51
|
Logon
|
4
|
2
|
2
|
2
|
3
|
