CWE-618
Exposed Unsafe ActiveX Method
An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser's security model (e.g. the zone or domain).
Mitigation
Phase: Implementation
Description:
- If you must expose a method, make sure to perform input validation on all arguments, and protect against all possible vulnerabilities.
Mitigation
Phase: Architecture and Design
Description:
- Use code signing, although this does not protect against any weaknesses that are already in the control.
Mitigation
Phases: Architecture and Design, System Configuration
Description:
- Where possible, avoid marking the control as safe for scripting.
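The following is an added example, not part of the CWE entry and not code from any real ActiveX control. It models the first and third mitigations in portable C++ so it builds without Windows headers: an exposed method that takes a URL argument validates it against the hosting page's origin (scheme, host, port) before doing anything, which keeps the method inside the browser's zone/domain model instead of acting on whatever a script passes in. The Origin struct, parseOrigin and validateUrlArgument are assumptions for this illustration; a real control would wire the check into the method's dispatch entry and would additionally avoid registering itself as safe for scripting (the IObjectSafety/component-category side is outside what this portable code can show).

```cpp
#include <cctype>
#include <cstdio>
#include <optional>
#include <string>

// Hypothetical model of the hosting page's origin as the host would report it.
struct Origin {
    std::string scheme;
    std::string host;
    int port;
    bool operator==(const Origin& o) const {
        return scheme == o.scheme && host == o.host && port == o.port;
    }
};

// Outcome of validating one URL argument of an exposed method.
enum class ArgCheck { Allowed, RejectedMalformed, RejectedScheme, RejectedCrossOrigin };

static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Minimal origin parser for "scheme://host[:port][/path]" (http/https only).
// Anything ambiguous (userinfo, IPv6 literals, bad ports) is rejected, not guessed.
std::optional<Origin> parseOrigin(const std::string& url) {
    const auto sep = url.find("://");
    if (sep == std::string::npos || sep == 0) return std::nullopt;
    const std::string scheme = lower(url.substr(0, sep));
    const auto authStart = sep + 3;
    const auto authEnd = url.find_first_of("/?#", authStart);
    const std::string authority = url.substr(
        authStart, authEnd == std::string::npos ? std::string::npos : authEnd - authStart);
    // "user@host" makes a URL look same-origin at a glance; refuse it outright.
    if (authority.empty() || authority.find('@') != std::string::npos ||
        authority.find('[') != std::string::npos)
        return std::nullopt;
    std::string host = authority;
    int port = -1;
    const auto colon = authority.rfind(':');
    if (colon != std::string::npos) {
        host = authority.substr(0, colon);
        const std::string portStr = authority.substr(colon + 1);
        if (portStr.empty() || portStr.size() > 5) return std::nullopt;
        for (char c : portStr)
            if (!std::isdigit(static_cast<unsigned char>(c))) return std::nullopt;
        port = std::stoi(portStr);
        if (port < 1 || port > 65535) return std::nullopt;
    }
    if (host.empty()) return std::nullopt;
    if (port == -1) {
        if (scheme == "https") port = 443;
        else if (scheme == "http") port = 80;
        else return std::nullopt;  // no known default port for other schemes
    }
    return Origin{scheme, lower(host), port};
}

// The check an exposed method runs on its URL argument before acting on it:
// only http/https, only the hosting page's own origin.
ArgCheck validateUrlArgument(const Origin& page, const std::string& url) {
    const auto sep = url.find("://");
    if (sep == std::string::npos || sep == 0) return ArgCheck::RejectedMalformed;
    const std::string scheme = lower(url.substr(0, sep));
    if (scheme != "http" && scheme != "https") return ArgCheck::RejectedScheme;
    const auto target = parseOrigin(url);
    if (!target) return ArgCheck::RejectedMalformed;
    if (!(*target == page)) return ArgCheck::RejectedCrossOrigin;
    return ArgCheck::Allowed;
}

int main() {
    // Constructed sample: page hosted at https://example.com (default port 443).
    const Origin page{"https", "example.com", 443};
    const char* samples[] = {
        "https://example.com/api/data", "https://EXAMPLE.COM:443/x", "http://example.com/x",
        "https://evil.example/x", "file:///C:/Windows/x", "https://example.com@evil.example/"};
    for (const char* s : samples)
        std::printf("%-40s -> %d\n", s, static_cast<int>(validateUrlArgument(page, s)));
    return 0;
}
```

The design point is that the method decides from a normalized origin, never from a string comparison on the raw argument: host case, explicit default ports and userinfo tricks all collapse to the same answer, and anything the parser cannot classify is rejected rather than allowed through.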
No CAPEC attack patterns related to this CWE.