activex questions

From: JoshB (
Date: 04/10/03

From: (JoshB)
Date: 10 Apr 2003 07:22:30 -0700


I have been researching this, and there are some things that are not

By default, is it possible for hostile active code to execute without
user interaction, not including vulnerabilities?

What exactly is activex scripting capable of, I notice it is suggested
to enable it, and it is enabled by default.

ACtivex has complete control of target system?

Is it possible to "spoof" activex controls, so if one purports to be
from a trusted corp, ie ms, it will automaticly run without user

Are there any examples of pages that can automaticly run code, install
spyware etc without user interaction, and without taking advantaged of

I had assumed the above was possible, and a *lot* of people do,
however I am unable to find evidence of this..

Thanks for any explanations.