These problems occur when objects
are implemented, typically in C and C++. Without going into the science of buffer
overflows, if a control receives input to a buffer that is greater than the buffer's allocated
length (the expected length of the buffer), an attacker can execute arbitrary code on the
user's machine. This action will most likely cause the system to crash or will grant system
access to the attacker. It is important to validate input for ActiveX objects before accepting
information into a fixed-length buffer.
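The validation described above, as an added example in portable C (not code from the book): a hypothetical control setter that stores script-supplied text in a fixed-length buffer, shown unchecked and checked. The function names, the 32-character capacity and the result codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <wchar.h>

#define NAME_CAP 32  /* fixed-length buffer, in wchar_t units, terminator included */

/* Hypothetical control state; the names are assumptions for this example. */
typedef struct {
    wchar_t server_name[NAME_CAP];
} control_state;

typedef enum { SET_OK = 0, SET_E_POINTER, SET_E_TOO_LONG } set_result;

/* Unchecked form: copies script-supplied text with no length test.
 * Any input of NAME_CAP or more characters writes past server_name. */
void set_server_name_unchecked(control_state *c, const wchar_t *input)
{
    wcscpy(c->server_name, input);
}

/* Bounded length scan: never reads more than max characters. */
static size_t bounded_len(const wchar_t *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != L'\0')
        n++;
    return n;
}

/* Checked form: rejects oversized input instead of truncating it silently,
 * and leaves the stored value untouched when it fails. */
set_result set_server_name_checked(control_state *c, const wchar_t *input)
{
    size_t len;

    if (c == NULL || input == NULL)
        return SET_E_POINTER;

    len = bounded_len(input, NAME_CAP);
    if (len >= NAME_CAP)            /* no room left for the terminator */
        return SET_E_TOO_LONG;

    wmemcpy(c->server_name, input, len);
    c->server_name[len] = L'\0';
    return SET_OK;
}
```

Rejecting the input outright, rather than truncating it, keeps the control from acting on a value the caller did not actually supply.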
Writing Secure Code
The obvious way to prevent buffer overflows in ActiveX is to write secure code and use
safe libraries. For more information, refer to Writing Secure Code by Michael Howard and
David C. LeBlanc, a good book about secure programming practices.
Allowing SFS/SFI Subversion
It is possible for IE to run code before it can check whether a script is SFS or SFI. IE checks
for SFS/SFI by CoCreate-ing the specified CLSID, querying for IObjectSafety, and
retrieving the control's settings for SFS/SFI. CoCreateInstance calls the exported
function DllGetClassObject on the control.
Figure 8-3 An ActiveX control Compatibility Flag
Chapter 8: ActiveX Security 209