ActiveX Taking Control

ActiveX control vulnerabilities

Signed ActiveX controls run as resident programs on your PC with full privileges when loaded through IE. The operating system treats signed code as local code. By default, IE does not prompt the user about this action as long as the code is signed. If someone has access to a certificate, this type of attack could go almost unnoticed by the user. For example, a malicious hacker could use this to load buggy DLLs signed by the original vendor and so temporarily downgrade your computer.
 
The HTML Help facility in Windows includes an ActiveX control that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a web page hosted on an attacker’s site or sent to a user as an HTML mail. An attacker who successfully exploited the vulnerability would be able to run code in the security context of the user, thereby gaining the same privileges as the user on the system.

 
