This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP O2 Platform/Microsoft/ActiveX

Revision as of 23:27, 10 April 2014 by Bill Sempf (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This page contains information on how to test ActiveX controls

Security Issues with ActiveX

{list the common problems with ActiveX}

Tools to test ActiveX for Buffer Overflows

using O2

One strategy to test ActiveX with O2 would be to create a .NET stub around it and then use it to invoke the ActiveX methods

The OWASP .NET tool (couple years old) DN_BOFinder (download from SF) is a .NET Fuzzer which is able to intelligently fuzz .NET assemblies and the COM objects it exposes (see also Buffer_OverFlow_in_ILASM_and_ILDASM

Research Links

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

go back to the main OWASP O2 Platform page