CWE-623
Unsafe ActiveX Control Marked Safe For Scripting
VariantDraft
Description
An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-10028 | Hig | 0.65 | — | 0.01 | Aug 20, 2025 | The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine… | ||
| CVE-2014-2368 | 0.00 | — | 0.02 | Jul 19, 2014 | The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. |
- risk 0.65cvss —epss 0.01
The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine…
- CVE-2014-2368Jul 19, 2014risk 0.00cvss —epss 0.02
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.