[V U L N E R A B L E] Internet Explorer 2

Microsoft Internet Explorer showHelp Path Search Lets Remote Users Load
Existing Local CHM Files
http://www.securitytracker.com/aler...10157.html


Impact: Execution of arbitrary code via network, User access via network

Exploit Included: Yes

Version(s): 6

Description: A vulnerability was reported in Microsoft Internet Explorer.
A remote user can create HTML that, when loaded, will execute existing CHM
files on the target user's computer.

Roozbeh Afrasiabi reported that a remote user can create HTML that
specifies the name of a CHM file on the target user's system using a
double slash to cause the CHM file to be loaded. The HTML can contain a
showHelp() function call for an existing CHM file without specifying the
path to the CHM file to cause the system to search first in the Windows
Help directory and then in the Windows root direction for the filename.
The file will reportedly be loaded in the Local Computer zone.

A demonstration exploit is provided in the Source Message and at:

http://www.freewebs.com/roozbeh_afr.../index.htm
Impact: A remote user can cause existing CHM files in certain locations
on the target user's computer to be loaded in the Local Computer zone.

Solution: No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/technet/security/ (Links to External Site)

Cause: Access control error, State error

Underlying OS: Windows (Any)



Tella A LA P.ta CALLE y sus perros tambien