CWE-623
AllowedUnsafe ActiveX Control Marked Safe For Scripting
Abstraction: Variant · Status: Draft
An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
5 vulnerabilities reference this CWE, most recent first.
CVE-2018-17925 (GCVE-0-2018-17925)
Vulnerability from cvelistv5 – Published: 2018-10-10 17:00 – Updated: 2024-09-16 23:25- CWE-623 - Unsafe ActiveX Control Marked Safe For Scripting CWE-623
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105540 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iFix",
"vendor": "GE",
"versions": [
{
"status": "affected",
"version": "2.0 - 5.0"
},
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.8"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-623",
"description": "Unsafe ActiveX Control Marked Safe For Scripting CWE-623",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-09T00:00:00",
"ID": "CVE-2018-17925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iFix",
"version": {
"version_data": [
{
"version_value": "2.0 - 5.0"
},
{
"version_value": "5.1"
},
{
"version_value": "5.5"
},
{
"version_value": "5.8"
}
]
}
}
]
},
"vendor_name": "GE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe ActiveX Control Marked Safe For Scripting CWE-623"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105540"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17925",
"datePublished": "2018-10-10T17:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:25:32.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2368 (GCVE-0-2014-2368)
Vulnerability from cvelistv5 – Published: 2014-07-19 01:00 – Updated: 2025-10-06 17:46| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://webaccess.advantech.com/ | |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02 | x_refsource_MISCx_transferred |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebAccess",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others"
}
],
"datePublic": "2014-07-15T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.\n\n\u003c/p\u003e"
}
],
"value": "The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-623",
"description": "CWE-623",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T17:46:06.036Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"
},
{
"name": "68714",
"url": "http://webaccess.advantech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAdvantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\"\u003ehttp://webaccess.advantech.com/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Advantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:\n\n\n http://webaccess.advantech.com/"
}
],
"source": {
"advisory": "ICSA-14-198-02",
"discovery": "UNKNOWN"
},
"title": "Advantech WebAccess Unsafe ActiveX Control Marked Safe For Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"
},
{
"name": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html"
},
{
"name": "68714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2368",
"datePublished": "2014-07-19T01:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-06T17:46:06.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-10028 (GCVE-0-2011-10028)
Vulnerability from cvelistv5 – Published: 2025-08-20 15:39 – Updated: 2026-05-15 11:13 Unsupported When Assigned- CWE-623 - Unsafe ActiveX Control Marked Safe For Scripting
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/17105 | exploit |
| https://www.exploit-db.com/exploits/17149 | exploit |
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://advisories.checkpoint.com/defense/advisor… | third-party-advisory |
| https://www.gamehouse.com/ | product |
| https://archive.org/details/com.real.arcade | product |
| https://www.vulncheck.com/advisories/real-network… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| RealNetworks | RealArcade ActiveX |
Affected:
0 , ≤ 2.6.0.445
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2011-10028",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T17:31:18.102550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T17:31:22.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/real_arcade_installerdlg.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17149"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17105"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"InstallerDlg.dll"
],
"platforms": [
"Windows"
],
"product": "RealArcade ActiveX",
"vendor": "RealNetworks",
"versions": [
{
"lessThanOrEqual": "2.6.0.445",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realarcade_installer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.6.0.445",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "rgod"
}
],
"datePublic": "2011-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim\u0027s Windows machine without proper validation or restrictions. This platform was \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks\u0027 platform, GameHouse.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim\u0027s Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks\u0027 platform, GameHouse."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
},
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-623",
"description": "CWE-623 Unsafe ActiveX Control Marked Safe For Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:13:47.471Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17105"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17149"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/real_arcade_installerdlg.rb"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2011-347.html"
},
{
"tags": [
"product"
],
"url": "https://www.gamehouse.com/"
},
{
"tags": [
"product"
],
"url": "https://archive.org/details/com.real.arcade"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/real-networks-arcade-games-activex-arbitrary-code-execution"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "RealNetworks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2011-10028",
"datePublished": "2025-08-20T15:39:11.898Z",
"dateReserved": "2025-08-19T14:59:15.495Z",
"dateUpdated": "2026-05-15T11:13:47.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-3QW9-Q2MC-39J2
Vulnerability from github – Published: 2022-05-17 04:39 – Updated: 2025-10-06 18:31The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
{
"affected": [],
"aliases": [
"CVE-2014-2368"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-623"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-07-19T05:09:00Z",
"severity": "MODERATE"
},
"details": "The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.",
"id": "GHSA-3qw9-q2mc-39j2",
"modified": "2025-10-06T18:31:00Z",
"published": "2022-05-17T04:39:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2368"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"
},
{
"type": "WEB",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"
},
{
"type": "WEB",
"url": "http://webaccess.advantech.com"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7HJW-6Q7Q-JC3C
Vulnerability from github – Published: 2025-08-20 18:30 – Updated: 2025-08-20 18:30The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse.
{
"affected": [],
"aliases": [
"CVE-2011-10028"
],
"database_specific": {
"cwe_ids": [
"CWE-623"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-20T16:15:35Z",
"severity": "HIGH"
},
"details": "The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim\u0027s Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks\u0027 platform, GameHouse.",
"id": "GHSA-7hjw-6q7q-jc3c",
"modified": "2025-08-20T18:30:21Z",
"published": "2025-08-20T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-10028"
},
{
"type": "WEB",
"url": "https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2011-347.html"
},
{
"type": "WEB",
"url": "https://archive.org/details/com.real.arcade"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/real_arcade_installerdlg.rb"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/17105"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/17149"
},
{
"type": "WEB",
"url": "https://www.gamehouse.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/real-networks-arcade-games-activex-arbitrary-code-execution"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
During development, do not mark it as safe for scripting.
Mitigation
After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer.
No CAPEC attack patterns related to this CWE.