Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing

Abstract

Vulnerabilities in ActiveX controls are frequently used by attackers to compromise systems using the Microsoft Internet Explorer web browser. A programming or design flaw in an ActiveX control can allow arbitrary code execution as the result of viewing a specially-crafted web page. In this paper, we examine effective techniques for fuzz testing ActiveX controls, using the Dranzer tool developed at CERT. By testing a large number of ActiveX controls, we are able to provide some insight into the current state of ActiveX security.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2008
Accession Number: AD1145890

Entities

People

  • Dan Plakosh
  • Will Dormann

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computer Program Documentation
  • Computer Programming
  • Copyrights
  • Debugging
  • Detection
  • Human Systems Integration
  • Internet
  • Javascript Programming Language
  • Language
  • Operating Systems
  • Programming Languages
  • Scripting Languages
  • Security
  • Software Development
  • Test Methods
  • Universities
  • Vulnerability
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Engineering
  • Cybersecurity