Select Yes to proceed.
5. After the fuzzing process is completed, axfuzz will show the results. If you see
the word Crashed, you have identified an issue in the ActiveX object where
input is not being properly handled, leading to a remote system crash or even
remote unauthorized control of the machine. Figure 8-9 shows an example.
Figure 8-8 Enumeration of CLSID (ActiveX objects) marked as safe for scripting/initialization
Chapter 8: ActiveX Security 217
AxMan
Popularity: 7
Simplicity: 9
Impact: 5
Risk Rating: 7
In addition to axenum/axfuzz, H.D. Moore wrote an excellent ActiveX fuzzing tool based
on Shane's tool. AxMan also enumerates CLSIDs and fuzzes ActiveX COM objects,
identifying their susceptibility to denial of service attacks, remote root, and buffer
overflows. AxMan does a better and more thorough job of fuzzing ActiveX controls, as
shown by the abundance of media attention in July 2006, which was deemed the "Month
of Browser Bugs (MoBB)" by H.D. Moore, simply by the tool's results. Similar to our
previous discussion about buffer overflow attacks and ActiveX controls, AxMan is able
to automatically step through CLSID objects that have been downloaded on a user's
operating system.
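For defenders, the same enumeration gives an inventory of which installed controls are exposed to web content. The following is an added example, not code from the book, axenum, or AxMan: it parses the text of a registry export of `HKEY_CLASSES_ROOT\CLSID` and reports controls registered under the "safe for scripting" and "safe for initialization" component categories. The sample export, its CLSIDs, and its control names are constructed for illustration.

```python
import re
from collections import defaultdict

# Component category IDs that mark a control safe for scripting / initialization.
CATID_SAFE_SCRIPTING = "7DD95801-9882-11CF-9FA9-00AA006C14A4"
CATID_SAFE_INIT = "7DD95802-9882-11CF-9FA9-00AA006C14A4"
GUID = r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\CLSID\\" + GUID +
                    r"(?:\\Implemented Categories\\" + GUID + r")?\]$", re.I)
NAME_RE = re.compile(r'^@="(.*)"$')

# Constructed sample input (CLSIDs and names are made up for this example).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}]
@="Example Upload Control"

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C14A4}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C14A4}]

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}]
@="Example Local-Only Component"

[HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-333333333333}]
@="Example Viewer Control"

[HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-333333333333}\Implemented Categories\{7dd95801-9882-11cf-9fa9-00aa006c14a4}]
"""

def safe_marked_controls(reg_text):
    """Return {CLSID: {"name", "scripting", "init"}} for controls flagged in the registry."""
    info = defaultdict(lambda: {"name": "", "scripting": False, "init": False})
    current = None  # CLSID whose own key (not a subkey) we are currently inside
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            clsid, catid = m.group(1).upper(), (m.group(2) or "").upper()
            current = clsid if not catid else None
            if catid == CATID_SAFE_SCRIPTING:
                info[clsid]["scripting"] = True
            elif catid == CATID_SAFE_INIT:
                info[clsid]["init"] = True
        elif line.startswith("["):
            current = None  # some other subkey; its default value is not the control name
        elif current and (n := NAME_RE.match(line)):
            info[current]["name"] = n.group(1)
    return {c: v for c, v in info.items() if v["scripting"] or v["init"]}
```

Exports written by `reg export` are UTF-16, so decode the file accordingly before passing its text in. A control can also declare itself safe at run time through the `IObjectSafety` interface, which this registry-only check does not see.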