ActiveX element allow to upload and execute any code.
vulners.com/securityvulns/securityvulns:doc:15533