Weakness ID: 623 Abstraction: Variant
An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.
Time of Introduction
- Architecture and Design
Technical Impact: Execute unauthorized code or
Phase: Architecture and Design
During development, do not mark it as safe for scripting.
Phase: System Configuration
After distribution, you can set the kill bit for the control so that
it is not accessible from Internet Explorer.
the weakness exists independent of other weaknesses)
It is suspected that this is under-reported.
|2008-09-08||CWE Content Team||MITRE||Internal|
|updated Description, Relationships, Observed_Example,
|2010-02-16||CWE Content Team||MITRE||Internal|
|2011-06-01||CWE Content Team||MITRE||Internal|
|2012-05-11||CWE Content Team||MITRE||Internal|
|updated References, Relationships|
|2012-10-30||CWE Content Team||MITRE||Internal|
|2014-07-30||CWE Content Team||MITRE||Internal|
More information is available — Please select a different filter.