Microsoft Windows Arbitrary Code Execution Vulnerabilities

Reported July 13, 2004, by Microsoft

VERSIONS AFFECTED

Windows Server 2003 Windows XP Windows 2000 Windows Me Windows 98 Windows NT 4.0 (If Internet Explorer 6, Service Pack 1 is installed)

DESCRIPTION
The following two new vulnerabilities in Windows could allow the remote execution of arbitrary code on the vulnerable system:

• showHelp vulnerability—A remote code-execution vulnerability exists in the processing of a specially crafted showHelp URL. The vulnerability could allow malicious code to run in the Local Machine security zone in Internet Explorer (IE), thereby letting an attacker take complete control of an affected system.
• HTML Help vulnerability - A remote code-execution vulnerability exists in HTML Help that could allow remote code execution on an affected system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

VENDOR RESPONSE
Microsoft has released bulletin MS04-023, "Vulnerability in HTML Help Could Allow Code Execution (840315)," to address these vulnerabilities and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Brett Moore.