Show HTA with images BUT lockdown any browsing or click events being used

Started by GOA_SA, September 06, 2013, 01:19:59 PM

Previous topic - Next topic



We are trying to open existing HTA's in our enterprise locked down environment via application data work instruction hta pages that contain images.

We cannot use the mshta.exe or use as html (iexplore.exe) due to users being able to ctrl + o or abuse other vulnerabilities that allow crafty users access to browsing etc, after intially being launched with an admin account ... so this is a huge concern for us.

We tried using com control in a custom winbatch dialog to show the hta or html via a locked down fashion for read only but are having issues with how to display them with images ... do you have any samples or suggestions we can try to achieve this with?

1. open, import, copy and paste existing HTA contents or files in a winbatch dialog
2. said dialog needs to work around, lockdown, disable, etc the existing vulnerabilities that are inherant using HTA and HTML MS viewing utilities like mshta.exe, iexplore.exe etc.

Many thanks in advance!

Best Regards,


What are the "Issues"?   I display images in browser controls and haven't had any problems.