Posted on by Researchin
Hi, it's Will. As previously mentioned, we have been investigating and discovering ActiveX vulnerabilities over the past few years. Today we released the Dranzer tool that we have developed to test ActiveX controls.
We've been using the Dranzer ActiveX fuzz testing tool for over three years, and we've found a large number of vulnerabilities with it. I've tagged a few of the US-CERT Vulnerability notes with the "Dranzer" keyword to show the sort of vulnerabilities we've been discovering with the tool.
Because there are literally thousands of vendors that produce ActiveX controls, we have publicly released the Dranzer tool. This way, any vendor that produces ActiveX has the ability to test its own software, ideally before the software is released to the public.