Unsigned Category 1A mobile code must not be used in the application in accordance with DoD policy.

Description

<VulnDiscussion>Use of un-trusted Level 1A mobile code technologies can introduce security vulnerabilities and malicious code into the client system. 1A code is defined as: - ActiveX controls - Mobile code script (JavaScript, VBScript) - Windows Scripting Host (WSH) (downloaded via URL or email) When JavaScript and VBScript execute within the browser they are Category 3, however, when they execute in WSH, they are 1A.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>