search menu icon-carat-right cmu-wordmark

Release of Dranzer ActiveX Fuzzing Tool

Will Dormann

Hi, it's Will. As previously mentioned, we have been investigating and discovering ActiveX vulnerabilities over the past few years. Today we released the Dranzer tool that we have developed to test ActiveX controls.

We've been using the Dranzer ActiveX fuzz testing tool for over three years, and we've found a large number of vulnerabilities with it. I've tagged a few of the US-CERT Vulnerability notes with the "Dranzer" keyword to show the sort of vulnerabilities we've been discovering with the tool.

Because there are literally thousands of vendors that produce ActiveX controls, we have publicly released the Dranzer tool. This way, any vendor that produces ActiveX has the ability to test its own software, ideally before the software is released to the public.

For more details about the Dranzer tool, check out the Dranzer page on the CERT website. The tool itself is available on the Dranzer SourceForge Project page.