Release of Dranzer ActiveX Fuzzing Tool
Hi, it's Will. As previously mentioned, we have been investigating and discovering ActiveX vulnerabilities over the past few years. Today we released the Dranzer tool that we have developed to test ActiveX controls.
We've been using the Dranzer ActiveX fuzz testing tool for over three years, and we've found a large number of vulnerabilities with it. I've tagged a few of the US-CERT Vulnerability notes with the "Dranzer" keyword to show the sort of vulnerabilities we've been discovering with the tool.
Because there are literally thousands of vendors that produce ActiveX controls, we have publicly released the Dranzer tool. This way, any vendor that produces ActiveX has the ability to test its own software, ideally before the software is released to the public.
For more details about the Dranzer tool, check out the Dranzer page on the CERT website. The tool itself is available on the Dranzer SourceForge Project page.
Written By
More By The Author
More In CERT/CC Vulnerabilities
PUBLISHED IN
Get updates on our latest work.
Sign up to have the latest post sent to your inbox weekly.
Subscribe Get our RSS feedMore In CERT/CC Vulnerabilities
Get updates on our latest work.
Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.
Subscribe Get our RSS feed