ActiveX seems to be getting some bad press once again, as its the target of recent exploits. From SANS:
“Microsoft mentions that they are aware of active exploits against this vulnerability, although we at the SANS Internet Storm Center haven’t seen it used or mentioned in public as of yet. Which may tend to indicate it has been used in targeted rather than broad based attacks. At the moment there is no patch, there is a workaround, and it can be automated for enterprise deployment.”
The result of the exploit looks to be remote code execution with privileges of the logged-in user. There are some quick fixes on the SANS site, but no patch from Microsoft yet.