ActiveX Vulnerability Discovery at the CERT/CC
Hi, it's Will. Anybody who has been keeping an eye on the US-CERT Vulnerability Notes has probably noticed that I've published a lot of ActiveX vulnerabilities. So it should be no surprise to learn that we have been testing ActiveX controls and discovering vulnerabilities in the process.
Almost all of the ActiveX vulnerabilities that I have uncovered were discovered with a tool developed at CERT called Dranzer. We have recently published a paper called "Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing." This paper describes the various attack surfaces of ActiveX controls, the techniques used to test those attack surfaces, and also some results obtained by testing a large number of downloaded ActiveX controls. It may also give some insight into why the "Securing Your Web Browser" document suggests disabling ActiveX in the Internet Zone of Internet Explorer.