From researching on the Internet after "discovering" this vulnerability, it appears that
it was previously discovered just a month earlier by several other security researchers. So
while the vulnerability is very real at the time of this writing, the vendor has already
released a fix and has engaged Microsoft to issue a "kill bit" for this control. The kill bit is
a registry key deployed by Microsoft through an Internet Explorer security update to prevent
a dangerous ActiveX control or COM object from loading. You can find out more
about this type of mitigation technology (and how to reverse it to do the preceding testing
yourself) later in this chapter.
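As an added illustration (not code from this book), the following Python sketch audits a regedit export for kill bits. It relies on Microsoft's documented layout, in which the kill bit is the 0x00000400 bit of the "Compatibility Flags" DWORD under the ActiveX Compatibility key for the control's CLSID; the CLSIDs and the sample export are constructed placeholders.

```python
import re

KILL_BIT = 0x00000400  # bit within the "Compatibility Flags" DWORD
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample in regedit export format; the CLSIDs are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00000c00
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

def parse_compat_flags(reg_text):
    """Return {CLSID: flags} for every subkey of ActiveX Compatibility."""
    flags, clsid = {}, None
    prefix = COMPAT_KEY.lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # a new key header: track it only if it is a CLSID subkey
            key = m.group(1)
            clsid = key[len(prefix):].upper() if key.lower().startswith(prefix) else None
            continue
        m = FLAGS_RE.match(line)
        if m and clsid:
            flags[clsid] = int(m.group(1), 16)
    return flags

def kill_bit_status(reg_text, clsids):
    """Map each CLSID to True when its kill bit is set; a missing key is False."""
    flags = parse_compat_flags(reg_text)
    return {c: bool(flags.get(c.upper(), 0) & KILL_BIT) for c in clsids}

if __name__ == "__main__":
    wanted = ["{11111111-1111-1111-1111-111111111111}",
              "{22222222-2222-2222-2222-222222222222}",
              "{33333333-3333-3333-3333-333333333333}",
              "{44444444-4444-4444-4444-444444444444}"]
    for clsid, killed in kill_bit_status(SAMPLE_REG, wanted).items():
        print(clsid, "kill bit set" if killed else "NOT kill-bitted")
```

The flag is tested with a bitwise AND because other compatibility bits can share the same DWORD, as in the third sample entry.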
Reference
Mark of the Web http://msdn.microsoft.com/workshop/author/dhtml/overview/motw.asp
AxFuzz
Most security vulnerabilities in ActiveX controls won't be as simple to find as a method
named RunCmd() on an already-installed safe-for-scripting control. More often, you'll
need to dig into how the control's methods handle data. One easy way to do that is to
fuzz each method with random garbage. AxFuzz was one of the first tools developed to
do exactly that and comes in source form packaged with AxEnum. It turns out, however,
that AxFuzz does not use a very sophisticated fuzzing algorithm.