Informative Information for the Uninformed | ||||||||||||||
|
||||||||||||||
Next: Control and functionality enumeration
Up: ActiveX - Active Exploitation
Previous: Foreword
Contents
IntroductionActiveX[1] is a Microsoft technology introduced in 1996 and based on the Component Object Model (COM) and Object Linking and Embedding (OLE) technologies. The intention of COM has been to create easily reusable pieces of code by creating objects that offer interfaces which can be called by other COM objects or programs. This technology is widely used for what Microsoft calls ActiveX[2] which represents the integration of COM into Internet Explorer. This integration offers the ability to interface with Windows as well as third-party applications with the MS browser. This allows for the easy extension of functionality in the Internet Explorer by giving software developers the ability to create complex applications which can interface with websites through the browser. There are various ways for an ActiveX control to end up on any given machine. Besides all the controls which are part of IE or the operating system, programs may install and register ActiveX controls of their own to offer a diverse set of functions in IE. Another way of installing a new control is through web sites themselves. Depending on Internet Explorer security settings, a website may try to instantiate a control, for example Shockwave Flash, and failing to do so may prompt the user to install the Shockwave Flash ActiveX control. Security issues seems to be a constant problem with ActiveX controls. In fact, it seems most vulnerabilities in Windows nowadays are actually due to poorly-written third-party controls which allow malicious websites to exploit buffer overflows or abuse command injection vulnerabilities. Quite often these controls make the impression of their authors not having realized their code can be instantiated from a remote website. The following chapters will describe methods to find, analyze, and exploit bugs in ActiveX controls will be presented to the reader.
|