Security Vulnerability Research & Defense

Browse by Tags

All Tags » safe for initia... » activex » safe for scripting (RSS)

Tuesday, August 12, 2008 11:35 AM

MS08-050 : Locking an ActiveX control to specific applications.

MS08-050 concerns an ActiveX control that can be maliciously scripted to leak out personal information such as email addresses. There appeared to be no need for the control to have this behaviour so giving it a Kill-Bit seemed the correct approach to

Posted by swiblog | (Comments Off)

Filed under: activex, COM, Internet Explorer, killbit, Kill-Bit, phoenix bit, safe for initialization, safe for scripting, IE

Sunday, February 03, 2008 11:17 PM

Not safe = not dangerous? How to tell if ActiveX vulnerabilities are exploitable in Internet Explorer

In early January you may have read posts on security distribution lists regarding two ActiveX Controls released by Microsoft. We have investigated those controls and fortunately, they are not exploitable since IE does not treat them as being safe. We

Posted by swiblog | (Comments Off)

Filed under: classid, activex, safe for initialization, safe for scripting, clsid, iobjectsafety

Attachment(s): ClassId.cs

Security Vulnerability Research & Defense

This Blog

Syndication

Search

News

Blogroll

Report a Vulnerability to Microsoft

Tags

Recent Posts

Archives

Browse by Tags

MS08-050 : Locking an ActiveX control to specific applications.

Not safe = not dangerous? How to tell if ActiveX vulnerabilities are exploitable in Internet Explorer