Unsafe ActiveX Control Marked Safe For Scripting

Draft Variant
Structure: Simple
Description

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

Extended Description

This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.

Common Consequences
Scope: Confidentiality, Integrity, Availability

Impact: Execute Unauthorized Code or Commands

Potential Mitigations
Phase: Architecture and Design
During development, do not mark the control as safe for scripting.
Phase: System Configuration
After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer.
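
One way to audit a Windows host for this weakness and apply the kill-bit mitigation, as an added example that is not part of the original entry. It assumes the standard Component Categories registration (CATID_SafeForScripting under `Implemented Categories`) and the `ActiveX Compatibility` kill-bit location; the function names are illustrative.

```powershell
# Added example, not from the original entry. Function names are illustrative.
$CatSafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'   # CATID_SafeForScripting
$KillBit    = 0x400                                               # kill bit in "Compatibility Flags"
$ClsidRoot  = 'Registry::HKEY_CLASSES_ROOT\CLSID'
$CompatRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $p = Get-ItemProperty -LiteralPath "$CompatRoot\$Clsid" -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    # A missing key or value yields $null, which casts to 0 (no kill bit).
    return [bool]([int]$p.'Compatibility Flags' -band $KillBit)
}

function Get-SafeForScriptingControl {
    # Every registered COM class that declares the safe-for-scripting category.
    Get-ChildItem -LiteralPath $ClsidRoot -ErrorAction SilentlyContinue |
        Where-Object { Test-Path -LiteralPath "$($_.PSPath)\Implemented Categories\$CatSafeForScripting" } |
        ForEach-Object {
            $srv = Get-ItemProperty -LiteralPath "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Clsid   = $_.PSChildName
                Name    = $_.GetValue('')          # default value: friendly class name
                Server  = $srv.'(default)'         # binary that implements the control
                KillBit = Test-KillBit $_.PSChildName
            }
        }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidatePattern('^\{[0-9A-Fa-f-]{36}\}$')][string]$Clsid)
    $key = "$CompatRoot\$Clsid"
    if ($PSCmdlet.ShouldProcess($key, 'Set kill bit (0x400)')) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $p = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        # Preserve any flags already present and OR in the kill bit.
        $new = [int]$p.'Compatibility Flags' -bor $KillBit
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord -Value $new -Force | Out-Null
    }
}

# Controls registered as safe for scripting that Internet Explorer will still load.
Get-SafeForScriptingControl | Where-Object { -not $_.KillBit } | Format-Table -AutoSize

# Dry run against a placeholder CLSID; requires an elevated session without -WhatIf.
# Set-KillBit -Clsid '{00000000-0000-0000-0000-000000000000}' -WhatIf
```

A 64-bit PowerShell session sees only the 64-bit registry view, so 32-bit controls registered under `WOW6432Node` need a second pass from 32-bit PowerShell. A control can also declare itself safe at run time through `IObjectSafety`, which this registry check does not detect.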
Observed Examples
CVE-2007-0617: control allows attackers to add malicious email addresses to bypass spam limits
CVE-2007-0219: web browser uses certain COM objects as ActiveX
CVE-2006-6510: kiosk allows bypass to read files
Modes of Introduction
Architecture and Design
Implementation