An ActiveX control shipped with IE can be used to install software components signed by Microsoft without prompting the user. This of course raises trust issues. Someone, not necessarily Microsoft, could use this control to install a Microsoft signed component in your system.
00f3f0b2e0d5491b814f02f98a69262203221432818c66cf49198886b616c325
MSIE 4 Privacy Issue: clipboard content can be made public by a javascript code two lines long. Exploit code included.
533480375e13300a1ea411f4dea31920cc0d84718326039eb9f44a2afd0493a2
More Microsoft Internet Explorer 5 vulnerabilities! Microsoft Active X control called "DHTML Edit control Safe for Scripting for IE 5" contains security holes that allow public access to the clipboard and cross-frame access, among other things. Exploit code examples included.
c2521e524f27af1a173959487b0052a7eba6c27e26cb67ddea1ef8b99b484082
Microsoft Internet Explorer 4.x vulnerability in ActiveX object allows remote attacker to obtain local user's clipboard content with simple JavaScript code.
3a9e7508d8e89ab51d6906bf042aed33297223303be07f2cab87430a42c6fa97