Microsoft Log Sink Class ActiveX control can allow remote attackers to create arbitrary files on an affected computer.
A remote attacker can exploit this issue by crafting a malicious Web site that triggers this vulnerability and enticing a user to visit the site. If successful, the attacker may create arbitrary files on the computer. This may lead to various attacks including arbitrary code execution.
ctl.addstring "echo Drive formatted? ", ""