Month of ActiveX Bugs (MoAxB)

May 02, 2007

Here we go again. Someone's planning to release one bug a day having to do with ActiveX in May.

Perhaps the biggest vulnerability research fad in the last year or so has been the "month of (whatever) bugs." Whatever. This time it's ActiveX, and the MoAxB or, as the author (after saying "sorry for my poor english") puts it, "Month of ActiveX Bug."

The author says: "most of them are simple DoS (don't worry there are also some code execution) but that's because MoAxB has only a sense: to inform developers about the risk of using activex controls." (A DoS, or Denial of Service, in this context is a bug that crashes an application.)

Some DoS bugs are evidence of hidden code execution bugs, but not all are. Don't assume that a DoS bug indicates anything more than the ability to crash a program by feeding it bad input.

Furthermore, the author is somewhat misleading when he refers to the risks of using ActiveX controls. The first bug of the month (see below) is probably typical: It's a commercial program that runs in the context of a Web browser. The fact that it's an ActiveX control has little or nothing to do with the bug. If the program were in another form, such as a Firefox plug-in, it would likely have the same bug.

On to the first bug: It's (as promised) a DoS in a third-party PowerPoint viewer control.

Not an auspicious opening for the MoAxB, but perhaps more important bugs will be forthcoming.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International
