Variant (Draft)

CWE-623: Unsafe ActiveX Control Marked Safe For Scripting

Category: other

Description

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting. This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.

Common consequences

  • Confidentiality / Integrity / Availability — Execute Unauthorized Code or Commands

Potential mitigations

  • [Architecture and Design] During development, do not mark the control as safe for scripting.
  • [System Configuration] After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer.
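As an added example (not part of the CWE entry or MITRE's material), a PowerShell audit that checks the two registry markers the mitigations above refer to: the safe-for-scripting component category registered under a control's CLSID, and the kill-bit flag under Internet Explorer's ActiveX Compatibility key. The category GUIDs and the 0x400 flag are Microsoft's documented values; the CLSID to audit is whatever control you pass in.

```powershell
# Added audit helper, not from the CWE entry. Reports whether a registered
# ActiveX control is category-marked safe-for-scripting / safe-for-initializing
# and whether its kill bit is set. Assumes Windows PowerShell with read access
# to HKCR and HKLM; run from a 32-bit host as well if 32-bit controls matter.
$CatidSafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CatidSafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
$KillBitFlag = 0x400   # bit in "Compatibility Flags" that blocks the control in IE

function Get-ActiveXSafetyStatus {
    param([Parameter(Mandatory)][string]$Clsid)   # e.g. '{CLSID-OF-CONTROL-UNDER-AUDIT}' (placeholder)

    $clsidKey  = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $compatKey = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    # Missing key or value simply means "no kill bit", so suppress the error.
    $flags = (Get-ItemProperty -Path $compatKey -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'

    [pscustomobject]@{
        Clsid               = $Clsid
        Registered          = Test-Path $clsidKey
        SafeForScripting    = Test-Path "$clsidKey\Implemented Categories\$CatidSafeForScripting"
        SafeForInitializing = Test-Path "$clsidKey\Implemented Categories\$CatidSafeForInitializing"
        KillBitSet          = ($null -ne $flags) -and (($flags -band $KillBitFlag) -ne 0)
    }
}

# Usage: list every registered control that is marked scriptable but not kill-bitted.
Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' |
    ForEach-Object { Get-ActiveXSafetyStatus -Clsid $_.PSChildName } |
    Where-Object { $_.SafeForScripting -and -not $_.KillBitSet }
```

A control can also declare itself safe at runtime through the IObjectSafety interface rather than the registry category, so an empty result here is not proof that no scriptable control is present; treat it as a first-pass inventory to cross-check against the kill bits you intend to deploy.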

References

  1. https://cwe.mitre.org/data/definitions/623.html

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.