CWE-623 - Unsafe ActiveX Control Marked Safe For Scripting
- Abstraction:Variant
- Structure:Simple
- Status:Draft
- Release Date:2007-05-07
- Latest Modification Date:2023-06-29
Weakness Name
Unsafe ActiveX Control Marked Safe For Scripting
Description
An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.
Common Consequences
Scope: Confidentiality, Integrity, Availability
Impact: Execute Unauthorized Code or Commands