How do ActiveX Controls Work?
To work, an ActiveX control must be installed on the computer. This can happen when a control is installed from a company’s website, or when a user installs it from an application that contains the control. An ActiveX control is also installed by any program that hosts the control using an ActiveX control host. A control host is software (usually part of Windows) that hosts ActiveX controls and shares information about those controls with other programs. For example, if you install Microsoft Visio and then install Microsoft Visio Viewer, both programs can access and display the Visio objects in your Visio files.
Working of ActiveX controls:
- ActiveX controls are typically used to provide interfaces to data and applications.
- For example, one of the most common uses is to host a visualization control that can display a document on a Web page, where the document is normally represented in an HTML file.
- When you want to preview or print the document, you use it from within your browser.
- ActiveX controls are vulnerable to several kinds of attacks.
- The most dangerous attacks involve code injection, which occurs when one program gains access to the memory space of another program. The main way this happens is when you visit a website that contains malicious content and your browser can’t interpret it properly.
- If the website contains an ActiveX control that your browser doesn’t know how to handle, then it may try to load or run this control from the hard disk (which results in accessing your hard disk and executing the attacker’s code).
Attacking ActiveX Controls Technique:
This technique is used to exploit software that contains ActiveX components. The attacker creates a specially crafted web page whose code embeds an ActiveX control and sends it to the user. When the user opens this web page, the attacker gains access to the control and can execute any command on it.
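A defender's view of the crafted page described above, as an added example that is not part of the original article: this Python sketch lists the ActiveX references a page contains (`<object classid="clsid:...">` tags and `new ActiveXObject(...)` calls inside scripts) and marks which ones are on an approved list. The CLSIDs, the ProgID, the sample page and the `ALLOWED_CLSIDS` set are constructed placeholders, not real controls.

```python
import re
from html.parser import HTMLParser

# Assumption: constructed placeholder CLSID standing in for an approved control.
ALLOWED_CLSIDS = {"11111111-2222-3333-4444-555555555555"}
CLSID_RE = re.compile(
    r"^\s*clsid:\{?([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?\s*$", re.I)
PROGID_RE = re.compile(r"""new\s+ActiveXObject\s*\(\s*(["'])(.+?)\1""", re.I)

# Constructed sample page: one approved control, one unknown control,
# one script-created object, and prose that only mentions ActiveXObject.
SAMPLE = """<html><body>
<object classid="clsid:11111111-2222-3333-4444-555555555555"></object>
<object classid="CLSID:{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"></object>
<script>var x = new ActiveXObject("Example.Control");</script>
<p>new ActiveXObject("InText.NotScript") is just prose here</p>
</body></html>"""

class ActiveXFinder(HTMLParser):
    """Collects (kind, value, allowed) for every ActiveX reference in a page."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "object":
            m = CLSID_RE.match(dict(attrs).get("classid") or "")
            if m:
                clsid = m.group(1).lower()  # CLSIDs compare case-insensitively
                self.findings.append(("clsid", clsid, clsid in ALLOWED_CLSIDS))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # ignore the same text when it is only page prose
            for m in PROGID_RE.finditer(data):
                # ProgIDs are not on the CLSID allowlist, so always flag them.
                self.findings.append(("progid", m.group(2), False))

def scan(html):
    finder = ActiveXFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Any finding whose third field is `False` is a control the page asks for that has not been approved, which is the case to review or block.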
An ActiveX control allows users to connect to and control a computer program that runs on the computer without having to install it. ActiveX controls can either be written by programmers who are using Microsoft’s ADO or DAO object models, or they can be created in Visual Basic 6.0, Visual J#, and Excel, all of which use the underlying COM interfaces. The goal of an ActiveX control is often to provide a graphical user interface for interacting with a database application or other service that is difficult for non-technical users to use through shell commands.