An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.
cwe_Nature: ChildOf cwe_CWE_ID: 267 cwe_View_ID: 1000 cwe_Ordinal: Primary
cwe_Nature: ChildOf cwe_CWE_ID: 267 cwe_View_ID: 699 cwe_Ordinal: Primary
cwe_Nature: ChildOf cwe_CWE_ID: 691 cwe_View_ID: 1000
cwe_Nature: PeerOf cwe_CWE_ID: 618 cwe_View_ID: 1000
|['Confidentiality', 'Integrity', 'Availability']||Execute Unauthorized Code or Commands|
During development, do not mark it as safe for scripting.
After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer.
|CVE-2007-0617||add emails to spam whitelist||https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0617|
|CVE-2007-0219||web browser uses certain COM objects as ActiveX||https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0219|
|CVE-2006-6510||kiosk allows bypass to read files||https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6510|