Sometimes developers will put initialization
code within this core function and it will be executed prior to the QueryInterface/
Check SFS. If the code is added beforehand, the code can be executed by IE before IE even
knows whether the control is safe for use. COM developers in general (even those that are
not coding for the web) need to make sure they don??™t allow this dangerous function.
Restrictive URLRoot Paths
If an ActiveX control downloads a file, which is not the norm, it looks at the parameters
provided on the web page to decide from where it will download files. To ensure that
only the trusted and authorized location is used, restrictions should be placed on the
URLRoot path for the control. Before an ActiveX object downloads a file, the control
itself can verify whether the URL root is allowed; otherwise, it reports an error and stops
the action. An ActiveX control should require URLRoot paths to be a host in the trusted
domain and a specific path, such as /trusted.
Simply providing an URLRoot path is not enough, as attacker can subvert those controls.
Similar to how directory traversal attacks plague old IIS 3.0/4.0/5.0 servers, a
URLRoot path could possibly be subverted by .
Pages:
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375