Unsafe ActiveX Control Marked Safe For Scripting
|Weakness ID: 623 (Weakness Variant)||Status: Draft|
An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.
Time of Introduction
- Architecture and Design
Technical Impact: Execute unauthorized code or
Phase: Architecture and Design
During development, do not mark it as safe for scripting.
Phase: System Configuration
After distribution, you can set the kill bit for the control so that
it is not accessible from Internet Explorer.
the weakness exists independent of other weaknesses)
It is suspected that this is under-reported.
|updated Description, Relationships, Observed_Example,
|updated References, Relationships|