activex questions

From: JoshB (metrix007@yahoo.com)
Date: 04/10/03


From: metrix007@yahoo.com (JoshB)
Date: 10 Apr 2003 07:22:30 -0700

HI,

I have been researching this, and there are some things that are not
clear.

By default, is it possible for hostile active code to execute without
user interaction, not including vulnerabilities?

What exactly is activex scripting capable of, I notice it is suggested
to enable it, and it is enabled by default.

ACtivex has complete control of target system?

Is it possible to "spoof" activex controls, so if one purports to be
from a trusted corp, ie ms, it will automaticly run without user
interaction?

Are there any examples of pages that can automaticly run code, install
spyware etc without user interaction, and without taking advantaged of
vulnerabilities?

I had assumed the above was possible, and a *lot* of people do,
however I am unable to find evidence of this..

Thanks for any explanations.