Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing

Dormann, Will; Plakosh, Dan

Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing

Active / Technical Report | Accesssion Number: AD1145890 |

Open PDF

Abstract:

Vulnerabilities in ActiveX controls are frequently used by attackers to compromise systems using the Microsoft Internet Explorer web browser. A programming or design flaw in an ActiveX control can allow arbitrary code execution as the result of viewing a specially-crafted web page. In this paper, we examine effective techniques for fuzz testing ActiveX controls, using the Dranzer tool developed at CERT. By testing a large number of ActiveX controls, we are able to provide some insight into the current state of ActiveX security.

Author(s):

Dormann, Will ; Plakosh, Dan

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA

Funding Organization(s):

AIR FORCE LIFE CYCLE MANAGEMENT CENTER HANSCOM AFB MA, HANSCOM AFB , MA

Document Type:

Technical Report/Technical Paper

Publication Date:

2008 Jan 01

Pagination:

14

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Subject Terms

Communities of Interest:

Cyber

Descriptor(s):

web browsers, operating systems, computer programming, scripting languages, internet, debugging, programming languages, language, test methods, computer program documentation, detection, human systems integration, security, universities, vulnerability

Subject Categories:

Mathematical and Computer Sciences; Mathematical and Computer Sciences

Creation Date:

2021 Aug 26

Update Date:

2021 Nov 15