FYI...

Controlling ActiveX Controls
- http://www.securityfocus.com/blogs/671
2008-03-13 - "...here are some quick thoughts on why browser accessible ActiveX controls are so frustrating:
1. ActiveX controls aren’t (usually) tied to the websites that installed them.
Meaning, any website can instantiate one and communicate with it. And by communicate with it, I mean perform memory corruption attacks that lead to remote code execution.
2. They are often written poorly.
Even more poorly than most 3rd party software. Overflows, arbitrary file access, you name it. You could probably find an ActiveX control that is actually vulnerable to every bug class.
3. They persist (and can be difficult to remove)...
After they get installed, you forget about it. Forever. Long after you have even logged into the website that convinced you to install it. Just waiting for someone to take advantage of issues 1 and 2 to make you part of their botnet.
4. They can be difficult to update.
Unlike a lot of software, ActiveX controls rarely have auto-update functionality. As a result, most people that are vulnerable, stay that way.
5. They are rarely necessary.
The worst part is, ActiveX controls are often add-ons that no one really needed and wouldn’t miss if they disappeared. A lot of times that I have seen them used, they were mostly there to make a UI feel more Win32 and less webby. The risk to benefit ratio has rarely been worth it..."