The Execute function in iMBCContents ActiveX Control prior to 2.0.0.59 allows remote malicious users to execute arbitrary files via the file URI handler.
imbc imbccontents activex control