CWE-623

Unsafe ActiveX Control Marked Safe For Scripting

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

Status: draft
Abstraction: variant
Web Based

This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.

Common Consequences

confidentiality, integrity, availability
Impacts: execute unauthorized code or commands

Potential Mitigations

Phases: architecture and design, system configuration
Descriptions:
• During development, do not mark the control as safe for scripting.
• After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer.
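
To check both mitigations on a Windows host, the following added example (not part of this entry) lists registered controls that carry the safe-for-scripting category and reports whether the kill bit is set for each. The registry locations, category ID and flag value come from Microsoft's ActiveX documentation rather than from this page, and the function names are hypothetical.

```powershell
# Added example: audit ActiveX controls registered as safe for scripting.
# Run in a 64-bit PowerShell session; per-user (HKCU) registrations are not covered.
$CatSafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$KillBit = 0x400   # kill bit inside the "Compatibility Flags" DWORD

# Registry views to inspect: native and 32-bit-on-64-bit (WOW6432Node).
$views = @(
    @{ Name = 'native'; Classes = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name = 'wow64'; Classes = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Test-KillBit {
    param([string]$CompatRoot, [string]$Clsid)
    $key = Join-Path $CompatRoot $Clsid
    $p = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $false }          # no entry means no kill bit
    return (($p.'Compatibility Flags' -band $KillBit) -ne 0)
}

function Get-SafeForScriptingControl {
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Classes)) { continue }
        foreach ($k in Get-ChildItem -LiteralPath $v.Classes -ErrorAction SilentlyContinue) {
            try {
                # Category membership is a subkey under "Implemented Categories".
                $cat = $k.OpenSubKey("Implemented Categories\$CatSafeForScripting")
                if ($null -eq $cat) { continue }
                $srv = $k.OpenSubKey('InprocServer32')
                $path = if ($srv) { $srv.GetValue('') } else { $null }
            } catch { continue }                  # unreadable key: skip it
            [pscustomobject]@{
                View       = $v.Name
                Clsid      = $k.PSChildName
                Server     = $path
                KillBitSet = Test-KillBit -CompatRoot $v.Compat -Clsid $k.PSChildName
            }
        }
    }
}

# Controls without the kill bit sort first; review each against its intended use.
Get-SafeForScriptingControl | Sort-Object KillBitSet, Clsid | Format-Table -AutoSize
```

A control can also declare itself safe at run time through the IObjectSafety interface, which this registry check does not see, so an empty result does not by itself clear a control.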