8.1.5 Set 'Allow paste operations via script' to 'Enabled:Disable'

Information

*Description*

This policy setting allows you to manage whether scripts can perform a clipboard
operation (for example, cut, copy, and paste) in the security zone. The recommended state
for this setting is- Enabled-Disable.

*Rationale*

A malicious script could use the clipboard in an undesirable manner, for example, if the
user had recently copied confidential information to the clipboard while editing a
document a malicious script could harvest that information. It might be possible to exploit
other vulnerabilities in order to send the harvested data to the attacker.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone\Allow cut, copy or paste
operations from the clipboard via script\Allow cut, copy or paste operations from the
clipboard via script

Then set the Allow paste operations via script option to Disable.

Impact-If you enable this policy setting, a script can perform a clipboard operation. If you select
Prompt in the drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy setting, a script cannot perform a clipboard operation.
If you do not configure this policy setting, a script cannot perform a clipboard operation.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CSCv6|3.1

Plugin: Windows

Control ID: 405e17f11d9508f32f2ca038705c711de6ff773a8a2a2dc127d188f50145957f