-----------------------------------------------------------------------------
 Zenturi ProgramChecker ActiveX Control "NavigateUrl()" Insecure Method
 
 url: http://www.programchecker.com/activeintro.aspx

 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org
 
 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7

 I can't believe my eyes when I see what you can do with this ActiveX
 (and I can't believe that this product is considered as antispyware).
 You can use the "NavigateUrl()" to arbitrary launch local file from a pc.
 Try, for example, to launch "c:\somefile.exe" and see what happen.
 Imagine to use this method with the "DownloadFile()" one, you can download
 something on the pc and run it without problems.
 For the "DownloadFile()" vulnerability see:
 http://www.milw0rm.com/exploits/4008
-----------------------------------------------------------------------------