ACTIVEX FLAWS AND COUNTERMEASURES
202 Hacking Exposed Web 2.0
ActiveX security measures are integral to user security and privacy. Once an ActiveX
control is downloaded by an end user, the control's methods can be executed by any other
web application that the user visits, including access to the operating system's registry
and file system (if the method has been written to access the file system or registry).
Unique identification of the ActiveX object is accomplished through the CLSID, which
can be enumerated in the registry.
A simple example of an ActiveX attack would involve an insecure ActiveX object on
a web application and a malicious attacker who wants to exploit the issue. For example,
if an attacker knew that eNapkin.com uses an insecure ActiveX control, the attacker can
complete the following steps to exploit the issue:
1. Visit the URL with the vulnerable ActiveX control and download the control.
2. Enumerate the control's attack surfaces and security flaws.
3. Create a malicious web site that exploits the vulnerability with the ActiveX
control.
4. Convince the victim to visit the malicious web site, via a phishing e-mail or
a Google advertisement for $10 iPods.
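The CLSID enumeration the text refers to is also how a defender finds out which controls on a host a web page could reach. The following PowerShell is an added example (not from the book): it walks HKCR\CLSID, keeps the controls marked "Safe for Scripting" or "Safe for Initialization", reports whether the IE kill bit already blocks each one, and provides a function to set the kill bit. The category GUIDs, the ActiveX Compatibility key and the 0x400 flag are documented Microsoft values; the function names are my own.

```powershell
# Added example: audit ActiveX controls exposed to web content and kill-bit one.
$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'   # CATID_SafeForScripting
$SafeForInit      = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'   # CATID_SafeForInitializing
$KillBit          = 0x400                                       # Compatibility Flags bit
$CompatRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$ClsidRoot  = 'Registry::HKEY_CLASSES_ROOT\CLSID'

function Get-ActiveXExposure {
    # One object per control a page may instantiate; everything else is skipped.
    foreach ($key in Get-ChildItem $ClsidRoot -ErrorAction SilentlyContinue) {
        $clsid = $key.PSChildName
        $cats  = "$($key.PSPath)\Implemented Categories"
        $scriptSafe = Test-Path "$cats\$SafeForScripting"
        $initSafe   = Test-Path "$cats\$SafeForInit"
        if (-not ($scriptSafe -or $initSafe)) { continue }

        $name   = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).'(default)'
        $server = (Get-ItemProperty -Path "$($key.PSPath)\InprocServer32" `
                   -ErrorAction SilentlyContinue).'(default)'
        $flags  = (Get-ItemProperty -Path (Join-Path $CompatRoot $clsid) `
                   -ErrorAction SilentlyContinue).'Compatibility Flags'
        $killed = ($null -ne $flags) -and ((([int]$flags) -band $KillBit) -ne 0)

        [pscustomobject]@{
            CLSID            = $clsid
            Name             = $name
            SafeForScripting = $scriptSafe
            SafeForInit      = $initSafe
            KillBitSet       = $killed
            Server           = $server
        }
    }
}

function Set-ActiveXKillBit {
    # Mark a control so IE refuses to load it (needs an elevated shell).
    param([Parameter(Mandatory)][string]$Clsid)
    $path = Join-Path $CompatRoot $Clsid
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$existing) -bor $KillBit          # preserve any other flags already set
    Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value $new -Type DWord
}

# Usage: show scriptable controls that nothing currently blocks.
Get-ActiveXExposure | Where-Object { -not $_.KillBitSet } | Format-Table -AutoSize
```

Reviewing the resulting list against vendor advisories is the practical "countermeasures" step: any scriptable control that is not needed by a trusted site is a candidate for Set-ActiveXKillBit.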