One might think that vulnerabilities in ActiveX controls are a thing of the past, but we continue to find evidence that they have not. Just this year, dozens of vulnerabilities have been discovered. In some cases an ActiveX exploit is more attractive to an attacker for targeting specific users of certain software or a company that uses certain business applications.
A few weeks ago, we encountered such an example: an unknown vulnerability in an ActiveX control exploited in the wild. It was DaumGame ActiveX, a control required for playing a web game by Daum Communications on their website. Below, I outline the vulnerability and how one particular attacker exploited it.