CWE-623 3 个 CVE MITRE 定义 ↗

CWE-623:Unsafe ActiveX Control Marked Safe For Scripting

概览

CWE-623(Unsafe ActiveX Control Marked Safe For Scripting)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

适用平台

类型 名称 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Web Based Undetermined

本库相关 CVE

下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。

CVE 公开时间 摘要
CVE-2011-10028 2025-08-20 The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows rem…
CVE-2018-17925 2018-10-10 Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. O…
CVE-2014-2368 2014-07-19 The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

内容提交

名称
CWE Content Team
组织
MITRE
日期
2007-05-07
版本
Draft 6

内容修订

日期 名称 版本 重要性 评论
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Description, Relationships, Observed_Example, Weakness_Ordinalities
2010-02-16 CWE Content Team 1.8 updated References
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated References, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated References
2018-03-27 CWE Content Team 3.1 updated References
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Observed_Examples
2022-04-28 CWE Content Team 4.7 updated Research_Gaps
2023-01-31 CWE Content Team 4.10 updated Relationships
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms
cvelogic Threat Intelligence