Month of ActiveX Bugs (MoAxB)

May 02, 2007

Here we go again. Someone's planning to release one bug a day having to do with ActiveX in May.

Perhaps the biggest vulnerability research fad in the last year or so has been the "month of (whatever) bugs." Whatever. This time it's ActiveX, and the MoAxB or (as the author, after saying "sorry for my poor english," puts it: "Month of ActiveX Bug."

The author says: most of them are simple DoS (don't worry there are also some code execution) but that's because MoAxB has only a sense: to inform developers about the risk of using activex controls. (A DoS (Denial of Service) (in this context) is a bug that crashes an application.)

Some DoS bugs are evidence of hidden code execution bugs, but not all are. Don't assume that a DoS bug indicates anything more than the ability to crash a program by feeding it bad input.

Furthermore, the author is somewhat misleading when he refers to the risks of using ActiveX controls. The first bug of the month (see below) is probably typical: It's a commercial program that runs in the context of a Web browser. The fact that it's an ActiveX control has little or nothing to do with the bug. If the program were in another form, such as a Firefox plug-in, it would likely have the same bug.

On to the first bug: It's (as promised) a DoS in a third-party PowerPoint viewer control .

Not an auspicious opening for the MoAxB, but perhaps more important bugs will be forthcoming.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Privacy groups take 2nd hit on license plate data

add to favorites email to friend print save as pdf

Related Stories

World greenhouse emissions threaten warming goal

11 hours ago

Emissions of greenhouse gases are rising so fast that within one generation the world will have used up its margin of safety for limiting global warming to 2°C (3.6°F), an international team of scientists ...

Recommended for you

Privacy groups take 2nd hit on license plate data

Sep 19, 2014

A California judge's ruling against a tech entrepreneur seeking access to records kept secret in government databases detailing the comings and goings of millions of cars in the San Diego area via license plate scans was ...

Scots' inventions are fuel for independence debate

Sep 17, 2014

What has Scotland ever done for us? Plenty, it turns out. The land that gave the world haggis and tartan has produced so much more, from golf and television to Dolly the Sheep and "Grand Theft Auto."

White House backs use of body cameras by police

Sep 16, 2014

Requiring police officers to wear body cameras is one potential solution for bridging deep mistrust between law enforcement and the public, the White House said, weighing in on a national debate sparked by the shooting of ...

Chinese city creates cellphone sidewalk lane

Sep 15, 2014

Taking a cue from an American TV program, the Chinese city of Chongqing has created a smartphone sidewalk lane, offering a path for those too engrossed in messaging and tweeting to watch where they're going.

Coroner: Bitcoin exchange CEO committed suicide

Sep 15, 2014

A Singapore Coroner's Court has found that the American CEO of a virtual currency exchange committed suicide earlier this year in Singapore because of work and personal issues.

User comments : 0