CWE-623: Unsafe ActiveX Control Marked Safe For Scripting
An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
Last updated
Overview
This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.
Real-world CVEs
3 recorded CVEs are caused by CWE-623 (Unsafe ActiveX Control Marked Safe For Scripting). The highest-severity and most recent are shown first. 0 new CWE-623 CVEs have been recorded so far in 2026 (1 in 2025).
- CVE-2011-10028
RealNetworks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution
High · CVSS 8.7 · EPSS 61th2025-08-20 - CVE-2014-2368
Advantech WebAccess Unsafe ActiveX Control Marked Safe For Scripting
High · CVSS 7.5 · EPSS 75th2014-07-19 - CVE-2018-17925Medium · CVSS 4.8 · EPSS 22th2018-10-10