Vulnerability Detection in ActiveX Controls
Authors
Abstract
Vulnerabilities in ActiveX controls are frequently used by attackers to compromise systems using the Microsoft Internet Explorer web browser. A programming or design flaw in an ActiveX control can allow arbitrary code execution as the result of viewing a specially-crafted web page. In this paper, we examine effective techniques for fuzz testing ActiveX controls, using the Dranzer tool developed at CERT. By testing a large number of ActiveX controls, we are able to provide some insight into the current state of ActiveX security.
Similar resources
Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing
Vulnerabilities in ActiveX controls are frequently used by attackers to compromise systems using the Microsoft Internet Explorer web browser. A programming or design flaw in an ActiveX control can allow arbitrary code execution as the result of viewing a specially-crafted web page. In this paper, we examine effective techniques for fuzz testing ActiveX controls, using the Dranzer tool developed...
Test Model for Security Vulnerability in Web Controls based on Fuzzing
The number of Web controls' security vulnerabilities has surged with ever-changing varieties of attacks. Therefore this paper analyzes the test model for Web controls' vulnerability, and puts forward an improved test model for Web controls' vulnerability. It aims to test the vulnerability of Web ActiveX controls by combining static analysis and dynamic analysis, as well as to put forward a proposal of optimizing th...
Post-Exploitation on Windows using ActiveX Controls
When exploiting software vulnerabilities it is sometimes impossible to build direct communication channels between a target machine and an attacker's machine due to restrictive outbound filters that may be in place on the target machine's network. Bypassing these filters involves creating a post-exploitation payload that is capable of masquerading as normal user traffic from within the context o...
Educational Video Game Design
ActiveX: A loosely defined set of technologies developed by Microsoft for sharing information among different applications, ActiveX is an outgrowth of two other Microsoft technologies called OLE (Object Linking and Embedding) and COM (Component Object Model). As a moniker, ActiveX can be very confusing because it applies to a whole set of COM-based technologies. Most people, however, think only ...
A Lightweight Binary Authentication System for Windows
The problem of malware is greatly reduced if we can ensure that only software from trusted providers is executed. In this paper, we have built a prototype system on Windows which performs authentication of all binaries in Windows to ensure that only trusted software is executed and from the correct path. Binaries on Windows are made more complex because there are many kinds of binaries besides ...