Multiple unsafe ActiveX methods allows files uploading from vulnerable host. Buffer overflow on ARJ files parsing. Local driver buffer overflow.
vulners.com/securityvulns/securityvulns:doc:16597
vulners.com/securityvulns/securityvulns:doc:16598
vulners.com/securityvulns/securityvulns:doc:16599
vulners.com/securityvulns/securityvulns:doc:16600