Skip to main content
MSRC

Month Archives: February 2008

Not safe = not dangerous? How to tell if ActiveX vulnerabilities are exploitable in Internet Explorer

Sunday, February 03, 2008

In early January you may have read posts on security distribution lists regarding two ActiveX Controls released by Microsoft. We have investigated those controls and fortunately, they are not exploitable since IE does not treat them as being safe. We wanted to give you some background on how to evaluate whether a potential vulnerability found in an ActiveX control is an exploitable condition in Internet Explorer.