Protected mode and COM activation hosted in service

G

Guest

From reading the working with protected mode paper it seems that it is
possible to elevate a COM extension at the medium level by registering in IE.
Would that be supported if the COM server is a singleton COM server hosted
under LocalService account service on the local machine ?
I understand that the other option is to change the LaunchPermission key to
allow the low IE process to bind the COM object but I'd prefer using medium
elevation only to avoid lowering the security on the service.

thanks
 
A

Alex Chmut

Protected-mode IE run in Low Integrity Level
Services run in System Integrity Level (which is higher than even
admin-elevated Integrity Level).
In short you cannot get your service run in other than System IL, but you
can impersonate a calling client.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IE7 detect protected mode in script 2
Error 2148270091 with Protected Storage service on win2000 0
Trouble with C# and FAXCOMEXLib: Fax Service Extended COM API 3
Trouble with C# and FAXCOMEXLib: Fax Service Extended COM API (faxcomex.dll) 0
Trouble with C# and FAXCOMEXLib: Fax Service Extended COM API (faxcomex.dll) 2
Can only boot WIN2kpro in Safe Mode 1
Common file appears on startup 5
Common File Folder opens at Startup 3

Top