IE and Outlook May Run Arbitrary Code Reported March 14, 2000 by Georgi Guninski
Georgi discovered that a user could place a .chm file in the TEMP directory where that file could contain a "shortcut" command. When the file is opened with the showHelp() procedure, any listed programs could be executed by the operating system. DEMONSTRATION Such a problem could be used to launch an attack against an unsuspecting user of Outlook. Code similar to the following may cause a program to run on a remote desktop.<IFRAME align=3Dbaseline alt=3D"" VENDOR RESPONSE Microsoft is aware of this issue, however no response was known at the time of this writing. CREDITS |
0 comments
Hide comments