CWE-623 (Unsafe ActiveX Control Marked Safe For Scripting) is a common software weakness type identified by the CWE (Common Weakness Enumeration) dictionary. It helps developers understand security flaws and how to mitigate them.

What is the difference between CVE and CWE?

CWE refers to the type of software weakness (the root cause), while CVE refers to a specific instance of a vulnerability in a particular product or system.

CWE-623

Unsafe ActiveX Control Marked Safe For Scripting

Weakness Description

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.

Potential Mitigations

Architecture and Design

During development, do not mark it as safe for scripting.

System Configuration

After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer.

Common Consequences

ConfidentialityIntegrityAvailability

Execute Unauthorized Code or Commands

Related Weaknesses

CWE-267 CWE-618

Related Resources

Browse CWE Database

Explore 493 software weaknesses

CVE Database

Search 294,000+ vulnerabilities

Security Writeups

Learn from real-world examples

About 4nuxd

Cybersecurity research & tools

Contact Us

Get in touch for collaboration

Homepage

Explore more security resources