Understanding ActiveX Controls

ActiveX technology was developed by Microsoft in the mid-1990’s based on the Component Object Model (COM) and Object Linking and Embedding (OLE) technologies. The intent was to provide easily reusable building blocks of programs (active content) via objects whose interfaces can be integrated with other COM objects or programs.

Many common applications (including Internet Explorer, Microsoft Office, and Windows Media Player) use it to enhance their feature sets and embed their functionality into other applications. Non-Microsoft applications and websites may also install their own ActiveX controls to provide unique functionality (Adobe Shockwave, for instance).

ActiveX controls are typically identified by their class identifier (CLSID), a unique value associated with each control which is referred to as the globally unique identifier (GUID). ActiveX controls are also identified through a program identifier (ProgID), which gives each control a user-friendly name. The ProgID and CLSID relationship is comparable to the interation between an IP address and DNS.

A CLSID key exists to provide information used by the default COM handler to return details about a class when it is running. Several public websites list CLSIDs and their accompanying information, including:

ActiveX controls are often compared to Java applets because both enable end users to download small programs into their web browsers, which results in more dynamic and interactive web pages. A major difference between ActiveX controls and Java applets is that ActiveX controls are granted higher levels of control over applications. These additional privileges makes them a more attractive target for those individuals looking to perform malicious activities.

Adapted from Cisco’s Preventing ActiveX Exploits article.

In this article

Join the Conversation