CWE-623
Unsafe ActiveX Control Marked Safe For Scripting
Description
An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.
Common Consequences
Scope: (not listed)
Impact: Execute Unauthorized Code or Commands
Potential Mitigations
During development, do not mark the control as safe for scripting unless it is safe to expose every one of its methods to untrusted script.
After distribution, set the kill bit for the control so that Internet Explorer will no longer instantiate it.
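As an added example (not part of the CWE entry), the PowerShell below audits whether a given CLSID is registered under the safe-for-scripting and safe-for-initializing component categories and applies the Internet Explorer kill bit. The CLSID is a placeholder the reviewer supplies; the category GUIDs and the kill-bit registry key are the documented Windows values.

```powershell
# Added example, not from the CWE entry. Run from an elevated PowerShell prompt.
# Assumptions: the caller supplies the CLSID; the category GUIDs and the
# kill-bit key/flag are the documented Windows values.

$CATID_SafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CATID_SafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
$KillBitKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-ActiveXSafetyMarks {
    param([Parameter(Mandatory)][string]$Clsid)
    # Category-based safety marks live under HKCR\CLSID\{clsid}\Implemented Categories.
    # Caveat: a control can also declare safety at runtime via IObjectSafety,
    # which this registry check cannot see.
    $base = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\Implemented Categories"
    [pscustomobject]@{
        Clsid               = $Clsid
        SafeForScripting    = Test-Path "$base\$CATID_SafeForScripting"
        SafeForInitializing = Test-Path "$base\$CATID_SafeForInitializing"
    }
}

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    # Compatibility Flags 0x400 (FLAG_KILLBIT) stops IE from loading the control.
    # On 64-bit Windows, 32-bit IE reads the same key under SOFTWARE\WOW6432Node.
    $key = Join-Path $KillBitKey $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    $flags = ([int]$existing) -bor 0x400   # preserve any flags already set
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
    Get-ItemProperty -Path $key -Name 'Compatibility Flags'
}

# Usage with a placeholder CLSID (replace with the control under review):
# Get-ActiveXSafetyMarks -Clsid '{00000000-0000-0000-0000-000000000000}'
# Set-ActiveXKillBit     -Clsid '{00000000-0000-0000-0000-000000000000}'
```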
CVE-2007-0617: control allows attackers to add malicious email addresses to bypass spam limits
CVE-2007-0219: web browser uses certain COM objects as ActiveX
CVE-2006-6510: kiosk allows bypass to read files