The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.
http://www.vupen.com/english/advisories/2006/5063
http://www.securityfocus.com/bid/21652
http://www.kb.cert.org/vuls/id/339004