In brief, the flaw relates to how DNS requests are made to servers and fulfilled...
With poisoned DNS, you could think you were visiting a given site that you trust, and yet be directed to a look-alike site packed with every form of malware that tries to auto-install or prompts you to accept ActiveX-based horrors that would take over your computer.
In my opinion, if you don't initiate it, do not install anything when prompted. If you want to check emails or news, and you are prompted for some player installation, it should raise a big warning flag in your head. Of course, it gets tricky when you try to play online games. After all, almost all of them use ActiveX, Java, or Flash player, so you will need to accept the installation prompt.
There are people out there who want to take advantage of the clueless. It's a sad reality. Don't be clueless!