This vendor wants to do business with my company and therefore I don't think they would disclose any known vulnerabilities. I am trying to determine if there are known problems with COM, but from what I have been able to find, that just depends on the quality of the code and I should focus my attention on the environment, i.e. ASP/IIS, agree? Would a compliance checker show any problems with the application itself?
Just peruse the IIS vulnerabilities... they're all over the MS site. There's a bunch of patches out for them.

As for getting every single one? Impossible. New ones pop up every day.

Their particular COM object will be protected under the context of IIS/your OS, unless they're intentionally doing something nefarious (like sneaking out info to their website or something).

Get the security patches, a virus scanner, and a firewall, and you'll be pretty good to go.