ShredderSub7 SecExpert wrote:
“——————Which systems are vulnerable?——–
Any system running any Microsoft Windows XP edition with Internet Explorer 6 or higher, even with SP2 applied.
Any system running any Microsoft Windows Server 2003 edition with Internet Explorer 6 or higher.
——————How does this exploit work?———–
The problem with Internet Explorer is that it doesn’t set any restrictions on web pages that request opening a Windows Help file, compiled with HTML Help.
Without a restriction, we can (in Internet Explorer) easily command to open any local web page stored on a victim’s computer, including web pages that are founded in Windows Help files (with extension .CHM). “
Proof of concept was provided.