Once a user has installed an ActiveX control on his or her
machine, the control can be accessed by a web application on the Internet, which allows
the control to be used for malicious purposes. Figure 8-1 shows an example of an ActiveX
control.
In this chapter, the attack icon represents an attack, an attack tool, or a vulnerability/flaw that can lead
to an attack.
Chapter 8: ActiveX Security
OVERVIEW OF ACTIVEX
ActiveX controls serve many purposes, from providing simple methods to download a
program to allowing web applications to access information on a local operating system.
They are often implemented in C++ but can be implemented in other languages as well.
Additionally, ActiveX objects contain a number of methods and properties. The following
provides a brief description of ActiveX terms:
• ActiveX interface: The definition of the methods and properties available.
Methods can be invoked; properties can be retrieved and set. An interface is
usually a grouping of functions that expose related functionality.
• ActiveX object: The overall COM component. An object has interfaces,
methods, and properties that can be invoked. ActiveX objects implement
interfaces.