Web application security - the fast guide 1.1 | Page 96

Chapter 5 - Attack Execution the client

Attack requirement:

- The ActiveX control or browser extension runs with high privilege.
- The ActiveX control is vulnerable, or was built as a malicious component for the purpose of attack.

Attack process

A. The victim accesses a site with a vulnerable or malicious ActiveX control, or installs a vulnerable or malicious browser extension.
B. The victim agrees to run the ActiveX control or browser extension.
C. The component is then available to provide a back door or to send information to the attacker.

Example:

The following is a list of ActiveX controls that can be exploited to attack and compromise the client.

| ActiveX | Vulnerability | Impact |
|---|---|---|
| DHTML Editing | LoadURL method can violate same origin policy | Read and write data |
| Microsoft DDS Library Shape Control | Heap memory corruption | Arbitrary code execution as caller |
| JView Profiler | Heap memory corruption | Arbitrary code execution as caller |
| ADODB.Stream | None—used to write data after exploiting LMZ | Files with arbitrary content placed in known locations |
| Shell Application | Use CLSID to disguise malicious file being loaded | Files with arbitrary content placed in known locations |
| Shell.Explorer | Rich folder view drag-n-drop timing attack | Files with arbitrary content placed in known locations |
| HTML Help | Stack-based buffer overflow from overlong “Contents file” | Arbitrary code execution as caller |
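
The first attack requirement above (a browser extension with high privilege) can be checked before an extension is installed. The following is an added example, not code from the book: it grades the text of an extension's manifest.json by the permissions it declares. The permission names are real Chrome extension permissions; the choice of which ones count as high privilege, the HIGH/MEDIUM/LOW grading and the sample manifests are assumptions constructed for illustration.

```python
import json

# Real Chrome extension permission names; which ones count as "high privilege"
# and the HIGH/MEDIUM/LOW grading are assumptions made for this example.
HIGH_RISK = {"nativeMessaging", "debugger", "proxy", "webRequest",
             "cookies", "management", "history", "downloads"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PERMISSION_KEYS = ("permissions", "host_permissions", "optional_permissions",
                   "optional_host_permissions")


def _strings(value):
    """Keep only string entries; a manifest may hold malformed values."""
    return [v for v in value if isinstance(v, str)] if isinstance(value, list) else []


def audit_manifest(manifest_text):
    """Return (risk, findings) for the text of one manifest.json."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError:
        return "UNKNOWN", ["manifest is not valid JSON"]
    if not isinstance(manifest, dict):
        return "UNKNOWN", ["manifest is not a JSON object"]
    powerful, broad = [], []
    # Manifest V2 mixes host patterns into "permissions"; V3 moves them to
    # "host_permissions". Optional entries can be requested later at run time.
    for key in PERMISSION_KEYS:
        for perm in _strings(manifest.get(key)):
            if perm in HIGH_RISK:
                powerful.append(f"{key}: powerful API '{perm}'")
            elif perm in BROAD_HOSTS:
                broad.append(f"{key}: access to every site via '{perm}'")
    # A content script matched against every site can read and alter any page.
    scripts = manifest.get("content_scripts")
    for script in scripts if isinstance(scripts, list) else []:
        if isinstance(script, dict):
            broad += [f"content_scripts: injected into '{m}'"
                      for m in _strings(script.get("matches")) if m in BROAD_HOSTS]
    risk = "HIGH" if powerful and broad else "MEDIUM" if powerful or broad else "LOW"
    return risk, powerful + broad


# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = '''{"manifest_version": 3, "name": "constructed-sample-a",
 "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]}'''
SAMPLE_NARROW = '''{"manifest_version": 3, "name": "constructed-sample-b",
 "permissions": ["storage"], "host_permissions": ["https://example.com/*"]}'''
```

An extension graded HIGH combines a powerful API with access to every site, which is the kind of privilege the attack requirement describes.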