What is an ActiveX Control?
ActiveX control is a component using Microsoft ActiveX technologies. An ActiveX control can be automatically downloaded and executed by a Web browser. ActiveX is not a programming language, but rather a set of rules for how applications should share information.
ActiveX controls are Compiled, reusable software components based on Microsoft’s Component Object Model (COM). ActiveX controls, formerly called OLE controls, can be combined as prefabricated components to aid developers in building new applications.
Programmers can develop ActiveX controls in a variety of languages, including C, C++, Visual Basic, and Java.
An ActiveX control is similar to a Java applet. Unlike Java applets, however, ActiveX controls have full access to the Windows operating system. This gives them much more power than Java applets, but with this power comes a certain risk that the applet may damage software or data on your machine. To control this risk, Microsoft developed a registration system so that browsers can identify and authenticate an ActiveX control before downloading it. Another difference between Java applets and ActiveX controls is that Java applets can be written to run on all platforms, whereas ActiveX controls are currently limited to Windows environments.
Read the following articles
How ActiveX Controls work?
ActiveX controls can draw themselves in their own windows, respond to events such as mouse clicks, and be managed through properties and methods. An ActiveX control cannot run as a stand-alone program but must be loaded into a control container such as Microsoft Visual Basic or Microsoft Internet Explorer. ActiveX controls typically provide a user interface and are generally designed to run on the client.
ActiveX controls are often used to provide dynamic features for Web pages—for example, a stock ticker control that adds a live stock ticker to a Web page, an advanced user interface navigation tool, and an animation control that adds animation functionality to a page.
ActiveX controls can be embedded into a Hypertext Markup Language (HTML) page by using the HTML tag. If a user tries to access such a page using a Web browser and the embedded ActiveX control is not installed on his or her system, the control can be automatically downloaded by using the URL specified in the CODEBASE attribute of the tag. Once the ActiveX control is downloaded and installed on the user’s system, the browser will continue to use the cached control until an updated version becomes available on the server.
Here is an example of a typical tag that includes a CODEBASE attribute:
<OBJECT ID="BoomButton" WIDTH=225 HEIGHT=35 CLASSID="clsid:56F1BF40-B2D0-11d0-A6D6-00AA00A70FC2" CODEBASE="http://example.microsoft.com/AControl.cab# Version=1,0,0,1"> </OBJECT>
Malicious ActiveX control
A malicious ActiveX control can potentially damage software or data on a user’s computer. To help users determine whether an ActiveX control is safe to install, Microsoft has developed a code-signing technology called Authenticode, which identifies the creator of a control using a digital signature issued by a well-known security authority such as VeriSign Inc.