2000/07/03 (Mon) 13:40:21 [mirai]
The Active Setup Control allows .cab files to be
downloaded to a user's computer as part of the
installation process for software updates.
However, the control has two flaws.
First, it treats all Microsoft-signed .cab files
as trusted, thereby allowing them to be installed
without asking the user's approval.
Second, it provides a method by which the
caller can specify a download location on the
user's hard drive.
In combination, these two flaws would allow a malicious
web site operator to download a Microsoft-signed .cab file
as a means of overwriting a file on the user's machine.
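
The two flaws described above, modelled next to a stricter decision, as an added example that is not part of the original post and not Microsoft's code or fix. The function names, the staging directory and the sample requests are assumptions made up for illustration.

```python
import ntpath  # Windows path rules, independent of the host OS

STAGING_ROOT = r"C:\InstallerStaging"  # hypothetical directory owned by the installer

def flawed_decision(signer_trusted, requested_dest):
    """Model of the two flaws: signature implies consent, caller picks the path."""
    return (signer_trusted, requested_dest if signer_trusted else None)

def confine(requested_dest, root=STAGING_ROOT):
    """Return the normalised destination if it stays below root, else None."""
    if not requested_dest or requested_dest[0] in "\\/":
        return None                      # empty, rooted or UNC path
    if ntpath.splitdrive(requested_dest)[0]:
        return None                      # caller supplied a drive letter
    base = ntpath.normcase(ntpath.normpath(root))
    full = ntpath.normcase(ntpath.normpath(ntpath.join(base, requested_dest)))
    # normpath has collapsed any ".." segments, so a prefix check is now meaningful
    return full if full.startswith(base + "\\") else None

def hardened_decision(signer_trusted, user_approved, requested_dest):
    """A valid signature is necessary but not sufficient; the path is confined."""
    if not (signer_trusted and user_approved):
        return (False, None)
    dest = confine(requested_dest)
    return (dest is not None, dest)

# Constructed sample requests: (signer_trusted, user_approved, requested_dest)
SAMPLES = [
    (True, False, r"C:\Windows\System32\example.dll"),
    (True, True, r"..\..\Windows\System32\example.dll"),
    (True, True, r"updates\patch.cab"),
]

if __name__ == "__main__":
    for trusted, approved, dest in SAMPLES:
        print(dest, flawed_decision(trusted, dest),
              hardened_decision(trusted, approved, dest))
```

Only the third sample is accepted by hardened_decision, while flawed_decision accepts all three with the caller's path unchanged.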