Re: Just How bad is ActiveX



"bright" wrote:
...
But I'm confused to see some reports of flaws in current ActiveX
controls - sure the Control can be abused to take over the User's PC
but if a malicious website wants to take over a user's PC why don't
they use their own ActiveX control?

Exploiting vulnerabilities in installed ActiveX browser components is
just an easy way for criminals to run their code without the user
consenting or being aware of it. Why take the risk that a user might
decline to install something by making them decide? Of course, they do
that as well and people are still socially-engineered to run malware
in the form of BHOs (browser helper objects) or ordinary executable
files.


.