On The Insider: Criminal Past of Woods Mistress Revealed
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 29 of 35:
Next »
« Previous
ActiveX is far more than scripting
In fact, scripting is a minor part of it. It's the exposed interface of a program, which is also known as COM and before that as OLE autmation, and allows a base program, such as IE, to be extended with compiled, not scripted, components. This can be a helpful component like the Google toolbar, an application like MusicMatch, or a piece of scumware that redirects your browser to porn sites or steals your credit card numbers.

Scripting can be used to access exposed elements and manupulate them for good or ill, but scripts can only do what the ActiveX/COM interface allows them to do. Because the interface into IE is so wide ranging it leaves a lot of potential for exploitation along with providing a lot of operating system level and program level functions that are useful.
Posted by: jfrankcarr   Posted on: 03/22/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

It figures  Squawkbox | 03/19/04
And want to come to a Linux box near you  FilledOut | 03/19/04
ActiveX was an exploit waiting to happen  Chad_z | 03/19/04
ActiveX exploits are why I'm using Firefox  jfrankcarr | 03/20/04
Don't assume you're safe ...  George Jay | 03/20/04
By you can assume your MUCH safer  David Mohring | 03/20/04
Well, now you're getting somewhere  jfrankcarr | 03/21/04
And people laughed...........  nite_w0lf | 03/19/04
Blame Norton  boxmonkey | 03/20/04
You have to use ActiveX in this case  jfrankcarr | 03/20/04
Active X for security?  michael-t | 03/20/04
Dogs and fleas  bjbrock | 03/20/04
Dogs and fleas  seosamh_z | 03/21/04
Re: Dogs & fleas  MammyNun | 03/23/04
But...  DragonBRockin | 03/20/04
Hey, where's No_Ax?  Chad_z | 03/20/04
Security Programs Becoming Major Infection Vector  Aphelion | 03/21/04
Re: Security Programs Becomming Major Infection Vector  GraysonPeddie | 03/22/04
virus authors  angrymuthu | 03/21/04
The .net Framework might be better...  GraysonPeddie | 03/21/04
The .net Framework might be better...  seosamh_z | 03/21/04
It's always the "next" version with MSFT  Chad_z | 03/21/04
It's always the "next" version with MSFT  seosamh_z | 03/22/04
.net is 10 years LATE  michael-t | 03/21/04
.net is 10 years LATE  seosamh_z | 03/22/04
MS and 'modern' technologies ....  michael-t | 03/22/04
Anybody notice...  Yen_z | 03/21/04
Substitute Java and ...  ShadeTree | 03/22/04
ActiveX is far more than scripting  jfrankcarr | 03/22/04
Mixing metaphors.  ShadeTree | 03/22/04
Sorry, but you are quite confused  jfrankcarr | 03/22/04
you mean jsp, lets be clear - not Sun Java  JWatson77 | 03/24/04
then again MS Java did have a few vulnerabilities  JWatson77 | 03/24/04
What Idiot Uses ActiveX for Security? Only Symantec...  brenthawkinsmd | 03/22/04
activex? lol  JWatson77 | 03/24/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

SmartPlanet

Click Here