Tuesday, August 01, 2006

AxMan ActiveX Fuzzer

As promised, I have released my ActiveX fuzzing tool, aptly named AxMan. This tool was used to discover and debug almost every single ActiveX flaw published during the Month of Browser Bugs. In addition to the MoBB issues, this tool discovered over 100 unique flaws on a Windows XP SP2 system with common third-party packages installed. I am releasing this tool without my blacklist.js file of discovered vulnerabilities; this should give the vendors some breathing room while they figure out how to address these problems. An online demonstration of AxMan is available, but the interface is not designed to work across a slow network and a locally installed version will run much faster. Enjoy and happy bug hunting!

12 Comments:

At 2:00 AM, Anonymous Anonymous said...

Any reactions from Microsoft? Did they say "Thank you for your work, thank you for telling us the bugs in our IE, which will show us how to improve our software"?

 
At 1:03 PM, Blogger hdm said...

Something like that :-)

 
At 3:07 PM, Anonymous Anonymous said...

I'd love to see the email you got. I bet they said something like you were unfair to them.

 
At 7:27 AM, Anonymous Anonymous said...

Any reactions from Mozilla? Did they say "Thank you for your work, thank you for telling us the bugs in our Firefox, which will show us how to improve our software"?

 
At 7:28 AM, Anonymous Anonymous said...

Any reactions from Mozilla? Did they say "Thank you for your work, thank you for telling us the bugs in our Firefox, which will show us how to improve our software"?

 
At 6:07 AM, Anonymous Anonymous said...

Something like that :-)

 
At 12:53 AM, Anonymous Anonymous said...

You are famous. Did you know?

"Microsoft may also close security holes in Internet Explorer and ActiveX modules that H. D. Moore published as part of his Month of the Browser Bugs."

http://www.heise.de/newsticker/meldung/76385

 
At 4:38 AM, Anonymous Anonymous said...

Dangerous tool. Very dangerous. I found flaws in third-party programs such as Flash, Acrobat Reader, etc.
Microsoft should consider removing ActiveX. But very many applications rely on it, so this is a tough one.

 
At 11:36 AM, Blogger hdm said...

The Flash and Acrobat plugin bugs are probably exploitable as well.

 
At 12:57 AM, Anonymous Anonymous said...

Will there be another "Month of the $-Bugs"?
Because, as long as there are computers, there is hope for a bug. ;-)

 
At 6:40 AM, Anonymous Anonymous said...

Microsoft should thank you for this.

Good!

www.tumujer.com

 
At 7:32 PM, Anonymous OpsMan said...

What happens when there are no more bugs, vulnerabilities, malware, or spyware? What will we do?

 
