CWE-623 - Unsafe ActiveX Control Marked Safe For Scripting

CWE-623

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Unsafe ActiveX Control Marked Safe For Scripting

Description: An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.

Common Consequences: Scope: Confidentiality, Integrity, Availability
Impact: Execute Unauthorized Code or Commands

Related Weaknesses

CWE-267Privilege Defined With Unsafe Actions

CWE-618Exposed Unsafe ActiveX Method

Release Date:
2007-05-07

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard