Article

Brief: Moore releases flaw-finding tool

Dennis Fisher

H.D. Moore has been a busy man. The researcher behind the Metasploit Project Tuesday released a new tool for finding vulnerabilities in Internet Explorer ActiveX controls. Plus Wednesday, ahead of his talk at the Black Hat conference

    Requires Free Membership to View

in Las Vegas, Moore released the first full beta of version 3.0 of the Metasploit Framework, his penetration testing software.

The new ActiveX tool, called AxMan, is a fuzzing engine designed to find flaws in COM objects in IE 6.0. AxMan is Web-based and works by listing all of the COM objects and the TypeLib data associated with them. The tool then uses that information to test each of the objects' properties and methods, Moore said in the release notes for AxMan.

The beta of Metasploit 3.0 has a slew of new features and modifications, including support for multiple shells for each exploit and new denial-of-service modules.

Moore has been in the spotlight for several weeks. Last month he declared July as the "Month of Browser Bugs" in which he posted details of a new browser flaw each day. Among the flaws he identified were a serious flaw in Internet Explorer involving an integer overflow error in the Common Controls library 'comctl32.dll', and multiple flaws in Firefox, which were addressed last week by the Mozilla Foundation.

Moore is scheduled to talk about the new version of the framework Wednesday at Black Hat.

News Editor Eric B. Parizo contributed to this article.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: