CWE-623Unsafe ActiveX Control Marked Safe For Scripting

PUBLISHEDweakness record
released 2007-05-07 · last modified 2025-12-11

Metadata

CWE ID:
CWE-623
摘要:
Variant
结构:
Simple
状态:
Draft
发布日期:
2007-05-07
更新日期:
2025-12-11

名称

Unsafe ActiveX Control Marked Safe For Scripting

描述

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.

常见后果

范围:
Confidentiality, Integrity, Availability
影响:
Execute Unauthorized Code or Commands

相关 CWE