PPRuNe Forums - View Single Post - ActiveX Controls - Yes or No?
Old 18th Mar 2005, 15:19
  #6 (permalink)  
Evo
 
Join Date: Sep 2002
Location: Chichester, UK
Posts: 1,650
Has there ever been a level of Windows with an ActiveX exploit so severe that it allowed an arbitrary operating system command (e.g. format c:) to be executed on an unmodified, unpatched system?

It's not just an ActiveX thing. Java can kick off an arbitrary process (Runtime.exec()) which could also format your disk if it was given permission to do so. Ultimately any environment will allow bad things to happen if the user says they can. I guess the difference is that it's much harder for the user to change Java permissions than ActiveX permissions, ActiveX has traditionally had more holes, and the Windows 'everyone's an administrator' way makes it much easier for an ActiveX exploit to do things it shouldn't. A standard Unix user can't format the disk, even if the webpage they're looking at issues the command to do so.