CWE-623: Unsafe ActiveX Control Marked Safe For Scripting

ID CWE-623

Abstraction Variant

Structure Simple

Status Draft

Number of CVEs 1

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.

Modes of Introduction

Phase	Note
Architecture and Design
Implementation

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-267	Privilege Defined With Unsafe Actions	Base	Simple	Incomplete
CWE-1000	Research Concepts	Draft	CWE-618	Exposed Unsafe ActiveX Method	Variant	Simple	Incomplete

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date