User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaws exist within MyAsUtil126.96.36.1993.dll, which exposes an ActiveX control. First, XSS can be used to bypass the domain execution policy implemented in MyASUtil.SecureObjectFactory.CreateSecureObject() to create an instance of MyASUtil.InstallInfo. Then, MyASUtil.InstallInfo.RunUserProgram() can be used to execute code on the user's system. Additionally, many other objects and interfaces on the user's system can likely be abused using this general mechanism.
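To check whether a host exposes this control to Internet Explorer, the following added example (not part of the advisory or the vendor's code) lists every COM class served by a MyAsUtil DLL and reports whether the IE kill bit is set for it. It assumes the control is registered machine-wide as an in-process server and matches the DLL by the wildcard `MyAsUtil*.dll`, since the class IDs are not given on this page.

```powershell
# Added example: inventory COM classes backed by MyAsUtil*.dll and report kill-bit status.
$dllPattern = '*MyAsUtil*.dll*'   # assumption: wildcard over the file name in the advisory
$killBit    = 0x400               # "Compatibility Flags" bit that stops IE loading a control
$views = @(                       # native and 32-bit-on-64-bit registry views
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Get-RegDefault([string]$Path) {
    # Return the (default) value of a registry key, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue).'(default)'
}

function Get-MyAsUtilClass {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
            $server = Get-RegDefault (Join-Path $key.PSPath 'InprocServer32')
            if (-not $server -or $server -notlike $dllPattern) { continue }

            $clsid     = $key.PSChildName
            $compatKey = Join-Path $view.Compat $clsid
            $flags     = 0
            if (Test-Path -LiteralPath $compatKey) {
                $prop = Get-ItemProperty -LiteralPath $compatKey -ErrorAction SilentlyContinue
                if ($null -ne $prop.'Compatibility Flags') { $flags = [int]$prop.'Compatibility Flags' }
            }

            [pscustomobject]@{
                CLSID      = $clsid
                ProgID     = Get-RegDefault (Join-Path $key.PSPath 'ProgID')
                Server     = $server
                KillBitSet = [bool]($flags -band $killBit)
            }
        }
    }
}

# Classes with KillBitSet = False are not blocked from loading in Internet Explorer.
Get-MyAsUtilClass | Sort-Object CLSID -Unique | Format-Table -AutoSize
```

Run it from an elevated prompt so both registry views are readable; an empty result means no matching in-process server is registered machine-wide.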