Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls.
Attackers frequently take advantage of vulnerabilities in ActiveX controls to compromise systems using Microsoft Internet Explorer. A programming or design flaw in an ActiveX control can allow an attacker to execute arbitrary code by convincing a user to view a specially crafted web page. Since 2000, we have seen a significant increase in vulnerabilities in ActiveX controls.
We have developed Dranzer, a tool that enables users to examine effective techniques for fuzz testing ActiveX controls. By testing a large number of ActiveX controls, we can provide some insight into the current state of ActiveX security. When we discover new vulnerabilities, we practice coordinated disclosure principles and perform the necessary coordination steps.
We have released Dranzer as an open source project on SourceForge to help developers of ActiveX test their controls in their development processes and to invite community participation in making Dranzer a more effective tool. Users must agree to the terms of a license before installing the tool.
More information about the history, motivations, and rationale for Dranzer is available in the white paper titled Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing.