CWE-623β€”Unsafe ActiveX Control Marked Safe For Scripting

PUBLISHEDweakness record
released 2007-05-07 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-623
Abstraction:
Variant
Structure:
Simple
Status:
Draft
Release Date:
2007-05-07
Latest Modification Date:
2025-12-11

Weakness Name

Unsafe ActiveX Control Marked Safe For Scripting

Description

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.

Common Consequences

Scope:
Confidentiality, Integrity, Availability
Impact:
Execute Unauthorized Code or Commands

Related Weaknesses