Month of ActiveX Bugs (MoAxB)

May 02, 2007

Here we go again. Someone's planning to release one bug a day having to do with ActiveX in May.

Perhaps the biggest vulnerability research fad in the last year or so has been the "month of (whatever) bugs." Whatever. This time it's ActiveX, and the MoAxB or (as the author, after saying "sorry for my poor english," puts it) "Month of ActiveX Bug."

The author says: "most of them are simple DoS (don't worry there are also some code execution) but that's because MoAxB has only a sense: to inform developers about the risk of using activex controls." (A DoS, or denial of service, is in this context a bug that crashes an application.)

Some DoS bugs are evidence of hidden code execution bugs, but not all are. Don't assume that a DoS bug indicates anything more than the ability to crash a program by feeding it bad input.

Furthermore, the author is somewhat misleading when he refers to the risks of using ActiveX controls. The first bug of the month (see below) is probably typical: It's a commercial program that runs in the context of a Web browser. The fact that it's an ActiveX control has little or nothing to do with the bug. If the program were in another form, such as a Firefox plug-in, it would likely have the same bug.

On to the first bug: It's (as promised) a DoS in a third-party PowerPoint viewer control.

Not an auspicious opening for the MoAxB, but perhaps more important bugs will be forthcoming.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International
