Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

White Paper

Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing

  • January 2008
  • By Will Dormann, Daniel Plakosh
  • In this 2008 paper, the authors explore results of a test of a large number of Active X controls, which provides insight into the current state of ActiveX security.
  • Vulnerability Analysis
  • Publisher: Software Engineering Institute
  • Abstract

    Vulnerabilities in ActiveX controls are frequently used by attackers to compromise systems using the Microsoft Internet Explorer web browser. A programming or design flaw in an ActiveX control can allow arbitrary code execution as the result of viewing a specially-crafted web page. In this paper, we examine effective techniques for fuzz testing ActiveX controls, using the Dranzer tool developed at CERT. By testing a large number of ActiveX controls, we are able to provide some insight into the current state of ActiveX security. 

  • Download