Cryptographic weakness found making real strength against coliisions:
collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.
Collisions in SHA-0 in 2**39 operations.
Collisions in 58-round SHA-1 in 2**33 operations.
DHTML ActiveX and Help allows code injection into context of different server. By combining this vulnerability it's psosible to execute code in local machine zone. This vulnerability can potentially be used for silent spyware/adware installation.