Month of ActiveX Bugs (MoAxB)

May 02, 2007

Here we go again. Someone's planning to release one bug a day having to do with ActiveX in May.

Perhaps the biggest vulnerability research fad in the last year or so has been the "month of (whatever) bugs." Whatever. This time it's ActiveX, and the MoAxB or (as the author, after saying "sorry for my poor english," puts it: "Month of ActiveX Bug."

The author says: most of them are simple DoS (don't worry there are also some code execution) but that's because MoAxB has only a sense: to inform developers about the risk of using activex controls. (A DoS (Denial of Service) (in this context) is a bug that crashes an application.)

Some DoS bugs are evidence of hidden code execution bugs, but not all are. Don't assume that a DoS bug indicates anything more than the ability to crash a program by feeding it bad input.

Furthermore, the author is somewhat misleading when he refers to the risks of using ActiveX controls. The first bug of the month (see below) is probably typical: It's a commercial program that runs in the context of a Web browser. The fact that it's an ActiveX control has little or nothing to do with the bug. If the program were in another form, such as a Firefox plug-in, it would likely have the same bug.

On to the first bug: It's (as promised) a DoS in a third-party PowerPoint viewer control .

Not an auspicious opening for the MoAxB, but perhaps more important bugs will be forthcoming.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Researchers create global road maps showing potential economic and ecological consequences of new roads

add to favorites email to friend print save as pdf

Related Stories

FIXD tells car drivers via smartphone what is wrong

4 hours ago

A key source of anxiety while driving solo, when even a bothersome back-seat driver's comments would have made you listen: the "check engine" light is on but you do not feel, smell or see anything wrong. ...

Team pioneers strategy for creating new materials

5 hours ago

Making something new is never easy. Scientists constantly theorize about new materials, but when the material is manufactured it doesn't always work as expected. To create a new strategy for designing materials, ...

Shell files new plan to drill in Arctic

6 hours ago

Royal Dutch Shell has submitted a new plan for drilling in the Arctic offshore Alaska, more than one year after halting its program following several embarrassing mishaps.

Aging Africa

6 hours ago

In the September issue of GSA Today, Paul Bierman of the University of Vermont–Burlington and colleagues present a cosmogenic view of erosion, relief generation, and the age of faulting in southernmost Africa ...

Recommended for you

China's Alibaba plans IPO for week of September 8

50 minutes ago

Chinese e-commerce giant Alibaba plans to hold its initial public offering on the US stock market the week of September 8, the Wall Street Journal reported Saturday, citing a person familiar with the matter.

Tablet sales slow as PCs find footing

1 hour ago

Tablets won't eclipse personal computers as fast as once thought, according to studies by market tracker International Data Corporation (IDC).

Startups offer banking for smartphone users

1 hour ago

The latest banks are small enough to fit in the palm of your hand. Startups, such as Moven and Simple, offer banking that's designed specifically for smartphones, enabling users to track their spending on the go. Some things ...

FIXD tells car drivers via smartphone what is wrong

15 hours ago

A key source of anxiety while driving solo, when even a bothersome back-seat driver's comments would have made you listen: the "check engine" light is on but you do not feel, smell or see anything wrong. ...

User comments : 0