Security experts discovered tens of critical vulnerabilities were found in 10 South Korean ActiveX controls as part of a short research project. South Korea aims to eliminate the technology from all government websites by 2020. Experts spotted the flaws by approaching combined fuzzing of the controls with in-depth reverse engineering of the most popular ones. North Korea linked attacks exploited a large number of zero-day flaws in commonly used ActiveX. The flaws were all basic: various types of buffer overflows and unsafe exposed functionality that allowed executing code on users systems.”]
Source: https://securityaffairs.co/wordpress/85973/hacking/south-korea-activex-controls-flaws.html