Wednesday, May 07, 2008

ActiveX is dangerous...

UPDATE: AxBan can be downloaded from here. Any questions or comments can be directed to talksec@portal.erratasec.com.


We all know ActiveX is dangerous. After watching Milw0rm and other sites continue to add easy to exploit ActiveX cpntrol PoCs like the HP Update problem, we at Errata decided to add a free ActiveX killbit program. We will be updating it as needed with new CLSIDs on an as needed basis. Here is a screenshot, expect the full version to be posted later today.

4 comments:

Warrior said...

Nice tool. What I am missing is a buton to remove a killbit.

Shadowbq said...

Please include..

App needs to be more dynamic:
1. Read an xml file for known bads.
2. Host the default xml file on the http://portal.erratasec.com/axb/AxBan.xml server to read updates.
3. Option to read multiple xml files from different sources (file/http).

Marisa said...

AxBan users,
Please feel free to email me at marisa@erratasec.com with your feature requests and comments as well.

TeMerc said...

Suggestion:
Make the AxBan app a separate blog entry. I wouldn't have even known it was released if I didn't happen to think of it when I checked the latest blog entry via RSS.

I'd be willing to bet most missed it as an 'update' to an earlier in the day blog post.

Just my .02, gonna install the app an see how it 'feels'