Reported July 13, 2004, by Microsoft
The following two new vulnerabilities in Windows could allow the remote execution of arbitrary code on the vulnerable system:
- showHelp vulnerability—A remote code-execution vulnerability exists in the processing of a specially crafted showHelp URL. The vulnerability could allow malicious code to run in the Local Machine security zone in Internet Explorer (IE), thereby letting an attacker take complete control of an affected system.
- HTML Help vulnerability - A remote code-execution vulnerability exists in HTML Help that could allow remote code execution on an affected system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft has released bulletin MS04-023, "Vulnerability in HTML Help Could Allow Code Execution (840315)," to address these vulnerabilities and recommends that affected users apply the appropriate patch listed in the bulletin.
Discovered by Brett Moore.