Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorerโs security settings and execute arbitrary commands via a malicious web page or email, aka the โMicrosoft VM ActiveX Componentโ vulnerability.