H.D. Moore has been a busy man. The researcher behind the Metasploit Project Tuesday released a new tool for finding...
vulnerabilities in Internet Explorer ActiveX controls. Plus Wednesday, ahead of his talk at the Black Hat conference in Las Vegas, Moore released the first full beta of version 3.0 of the Metasploit Framework, his penetration testing software.
The new ActiveX tool, called AxMan, is a fuzzing engine designed to find flaws in COM objects in IE 6.0. AxMan is Web-based and works by listing all of the COM objects and the TypeLib data associated with them. The tool then uses that information to test each of the objects' properties and methods, Moore said in the release notes for AxMan.
The beta of Metasploit 3.0 has a slew of new features and modifications, including support for multiple shells for each exploit and new denial-of-service modules.
Moore has been in the spotlight for several weeks. Last month he declared July as the "Month of Browser Bugs" in which he posted details of a new browser flaw each day. Among the flaws he identified were a serious flaw in Internet Explorer involving an integer overflow error in the Common Controls library 'comctl32.dll', and multiple flaws in Firefox, which were addressed last week by the Mozilla Foundation.
Moore is scheduled to talk about the new version of the framework Wednesday at Black Hat.
News Editor Eric B. Parizo contributed to this article.