Tunneling Shellcode with ActiveX

hdm writes "In the first issue of the Uninformed Journal, skape describes a method for using ActiveX as a transport mechanism for shellcode. The implementation, dubbed 'PassiveX', can be used to tunnel an interactive command shell or full VNC session over the HTTP protocol. PassiveX takes advantage of the Internet Explorer settings to pass through web proxies and escape restrictive outbound firewalls."