When an ActiveX control has been
instantiated by the browser,
individual
methods can be invoked as follows:
HACK STEPS
A simple way to probe for ActiveX vulnerabilities is to modify the HTML that
invokes the control, pass your own parameters to it, and monitor the results:
■
Vulnerabilities such as buffer overflows can be probed for using the
same kind of attack payloads as are described in Chapter 15. Triggering
bugs of this kind in an uncontrolled manner is mostly likely to result in a
crash of the browser process that is hosting the control.
■
Do'stlaringiz bilan baham: