Notice that the
iSEC Test Value line shows the module has been marked Safe for Initialization,
which is not a good security practice.
Fuzzing ActiveX Controls
To locate problems that can allow an attacker to remotely crash or control a user's system,
such as a buffer overflow, via the ActiveX control, fuzzing the COM object is usually
your best bet. Fuzzing is the process of inserting random data into the inputs of any
application. If the application crashes or behaves strangely, the application is not
terminating inputs appropriately and provides the attacker a good attack point. A few
tools can be used to fuzz an ActiveX control, including axfuzz and AxMan.
Axenum and Axfuzz
Axenum and axfuzz were written by Shane Hird. Axenum will enumerate all the ActiveX
COM objects on the machine that are marked safe for scripting/initialization. As
previously mentioned, ActiveX objects that are marked safe can be abused by remote
attackers for their own advantage. After the list of safe CLSIDs is enumerated by axenum,
which is done through the IObjectSafety interface, axfuzz can be used to fuzz the
base level of the ActiveX interface.

Figure 8-6 SecurityQA Toolbar's ActiveX feature

Chapter 8: ActiveX Security 215
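
For reviewing which controls on a machine carry the Safe for Scripting or Safe for Initialization marking discussed above, the following added example (not code from the book, and not how axenum works) inventories them from a `.reg` export of `HKEY_CLASSES_ROOT\CLSID`. It checks only the registry "Implemented Categories" marking, not the IObjectSafety interface the text attributes to axenum; the sample export and its CLSIDs are constructed placeholders.

```python
import re

# Component category IDs that mark a control safe for scripting / initialization.
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
CATID_SAFE_FOR_INITIALIZING = "{7DD95802-9882-11CF-9FA9-00AA006C42C4}"
SAFE_CATEGORIES = {
    CATID_SAFE_FOR_SCRIPTING: "scripting",
    CATID_SAFE_FOR_INITIALIZING: "initialization",
}

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Matches key headers of the form [HKCR\CLSID\{clsid}\Implemented Categories\{catid}]
KEY_RE = re.compile(
    r"^\[HKEY_CLASSES_ROOT\\CLSID\\(" + GUID + r")"
    r"\\Implemented Categories\\(" + GUID + r")\]$",
    re.IGNORECASE,
)

def safe_marked_controls(reg_text):
    """Map each CLSID to the sorted list of 'safe' markings found in a .reg export."""
    found = {}
    for line in reg_text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue  # value lines, blank lines and unrelated keys
        clsid, catid = m.group(1).upper(), m.group(2).upper()
        marking = SAFE_CATEGORIES.get(catid)
        if marking:
            found.setdefault(clsid, set()).add(marking)
    return {clsid: sorted(marks) for clsid, marks in found.items()}

# Constructed sample export; every CLSID below is a placeholder, and the
# {AAAAAAAA-...} category stands in for an unrelated, non-safety category.
SAMPLE = r"""
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}]

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-333333333333}\Implemented Categories\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}]
"""

if __name__ == "__main__":
    for clsid, markings in sorted(safe_marked_controls(SAMPLE).items()):
        print(clsid, "marked safe for", " and ".join(markings))
```

Exports written by regedit in "Version 5.00" format are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `safe_marked_controls`.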