download-unsigned-activex-allowed: Download of Unsigned ActiveX Controls Allowed

id: download-unsigned-activex-allowed

info:
  name: Download of Unsigned ActiveX Controls Allowed
  author: princechaddha
  severity: high
  description: Verifies if the system allows downloading and installing unsigned ActiveX controls.
  impact: |
    Allowing unsigned ActiveX controls can lead to the execution of malicious code.
  remediation: |
    Disable the download and installation of unsigned ActiveX controls.
  tags: activex,code-signing,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      $prop = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' -Name '1004' -ErrorAction SilentlyContinue; if ($null -eq $prop.'1004') { "Property '1004' does not exist" } else { $prop.'1004' }

    matchers:
      - type: word
        words:
          - "1004=0"
# digest: 4b0a004830460221008239ff4938ea80b7ea56a693c559e3dc2a36fccd79620ed5e1d1f11616b37285022100e25aabca0a58cda005cfe359b88d5932b11ecc0ae1cb5a85eb8b30094a6ca1da:922c64590222798bb761d5b6d8e72950