OWASP O2 Platform/Microsoft/ActiveX

This page contains information on how to test ActiveX controls

Security Issues with ActiveX
{list the common problems with ActiveX}

Tools to test ActiveX for Buffer Overflows

 * http://digitaloffense.net/tools/axman/

using O2
One strategy to test ActiveX with O2 would be to create a .NET stub around it and then use it to invoke the ActiveX methods

The OWASP .NET tool (couple years old) DN_BOFinder (download from SF) is a .NET Fuzzer which is able to intelligently fuzz .NET assemblies and the COM objects it exposes (see also Buffer_OverFlow_in_ILASM_and_ILDASM

Research Links

 * on consuming COM & ActiveX from .NET
 * .NET ActiveX dll and regasm
 * How to create Activex Control using C# and Use it in ASP.NET webform?
 * ASP.NET ActiveX Object Windows API Access