I think everyone has already heard about the spam mailings with links supposedly leading to the site odnoklassniki.ru. One way or another, a user who clicked these links ended up on a page with malicious JS code. There can be many variants of this code. What was in the first wave of spam I do not know; I will describe what was in the second.
The JavaScript code was encrypted twice (probably even the same way both times). Decrypting it yielded a script that exploits 8 (eight) different ActiveX vulnerabilities at once. Below is the list of vulnerabilities used:

MS06-014 - 2006. Still actively used. Applying patches and updates is good!
CVE-2006-3730 - also 2006.
CVE-2005-2127 - 2005, and still in use.
CVE-2008-0659 - 2008, fresh! A vulnerability in an ActiveX component for downloading images. As I understand it, this component is widely distributed among MySpace users.
CVE-2008-0623 - 2008. Yahoo! Music Jukebox.
CVE-2006-5820 - 2006. A component by AOL.
CVE-2006-4446 - 2006. Two obscure ActiveX objects.
Tips:

Disable the use of ActiveX. Yes, a vulnerability was also recently found in Adobe Flash. As a last resort, turn it on only where you need it.
Disable JS wherever you don't need it.
Finally, install patches and updates for your software: after all, in the worst case only half of the list above is 2008 vulnerabilities.
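One way to act on the first tip, as an added example that is not part of the original post: given an already-decoded script, list the ActiveX controls it references and generate Internet Explorer kill-bit registry entries for them. The function names, the sample script and its CLSIDs/ProgIDs are constructed placeholders, not values from the spam campaign.

```javascript
// Added example (not from the original post): triage helper for a decoded script.
// It lists the ActiveX controls the script references and builds a .reg file
// that sets the Internet Explorer kill bit for each referenced CLSID.
const KILLBIT_KEY =
  "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility";

function findActiveXRefs(source) {
  const clsids = new Set();
  const progids = new Set();
  // classid="clsid:..." in <object> tags or setAttribute() calls
  const clsidRe = /clsid:\s*\{?([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?/gi;
  // new ActiveXObject("Vendor.Component") or obj.CreateObject("Vendor.Component", ...)
  const progidRe = /(?:ActiveXObject|CreateObject)\s*\(\s*["']([\w.]+)["']/g;
  for (const m of source.matchAll(clsidRe)) clsids.add(m[1].toUpperCase());
  for (const m of source.matchAll(progidRe)) progids.add(m[1]);
  return { clsids: [...clsids].sort(), progids: [...progids].sort() };
}

function killBitReg(clsids) {
  const lines = ["Windows Registry Editor Version 5.00", ""];
  for (const id of clsids) {
    lines.push(`[${KILLBIT_KEY}\\{${id}}]`);
    // 0x400 in "Compatibility Flags" is the kill bit: IE refuses to load the control
    lines.push('"Compatibility Flags"=dword:00000400', "");
  }
  return lines.join("\r\n");
}

// Constructed sample standing in for a decoded script; all identifiers are placeholders.
const SAMPLE = [
  'var o = document.createElement("object");',
  'o.setAttribute("classid", "clsid:00000000-0000-0000-0000-0000000000A1");',
  '<object classid="CLSID:{00000000-0000-0000-0000-0000000000b2}"></object>',
  '<object classid="clsid:00000000-0000-0000-0000-0000000000a1"></object>',
  'var x = new ActiveXObject("Example.Downloader.1");',
  'var s = o.CreateObject("Example.Stream", "");',
].join("\n");

const refs = findActiveXRefs(SAMPLE);
console.log(refs.progids); // ProgIDs map to CLSIDs under HKCR\<ProgID>\CLSID on the host
console.log(killBitReg(refs.clsids));
```

Identifiers that the script assembles from string fragments at run time will not match these patterns, so run the helper on the fully decoded text.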