: The bad guys are now doing what I was worried about which is to rattle : the door a bunch of times to see which insecure ActiveX control will let : them inside someone's computer. Many ActiveX controls also can't be : automatically updated by vendors with security fixes. It's up to users : to learn about and manually install patches. : : One solution to the problem is to have an industry-wide list of known : bad controls that is published on the Internet. Security products can : then use this kill list to disable bad ActiveX controls which are hidden : away on many of our computers.
OSVDB.org tracks the CLSID associated with ActiveX controls when possible, even though the field that contains it isn't visible on many entries (searching for a CLSID will find it if we have it). One of our wish-list items is exactly what you describe above, auto-generated from our database nightly. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
