COMMAND

    Internet Explorer

SYSTEMS AFFECTED

    IE 5.x

PROBLEM

    Georgi Guninski found the following.  There is a vulnerability in
    IE 5.x for Win95/WinNT (probably others) which allows executing
    arbitrary programs using .chm files.  Microsoft Networking must
    be installed.

    The problem is the window.showHelp() method, which opens .chm
    files.  IE disallows opening .chm files with the http protocol,
    but allows opening them if the .chm file resides on an MS
    networking server or a local drive.  In this case the .chm file
    is opened even if it is on a remote host.  In turn, .chm files
    may execute arbitrary programs using the "shortcut" command.
    Demonstration which starts Wordpad:

        http://www.nat.bg/~joro/chm3.html

SOLUTION

    Disable Active Scripting.
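
    The condition described under PROBLEM (showHelp() given a .chm
    file that is not fetched over http) can be checked for in page
    source.  The JavaScript below is an added example, not part of
    the original advisory; the function names and the sample hosts
    and paths are constructed for illustration.

```javascript
// Added example: flag showHelp() calls whose target is a .chm file reached
// by UNC path, file: URL or drive letter rather than http(s).
const CALL_RE = /\bshowHelp\s*\(\s*(["'])((?:\\.|(?!\1)[^\\])*)\1/g;

// Collapse backslash escapes in a JavaScript string literal (\\ -> \, \" -> ").
// Escapes such as \n are not interpreted; they do not occur in the paths of interest.
function unescapeJs(literal) {
  return literal.replace(/\\(.)/g, "$1");
}

// Classify where the help file would be loaded from.
function classify(target) {
  if (/^https?:\/\//i.test(target)) return "http";
  if (/^(\\\\|\/\/)[^\\\/]+[\\\/]/.test(target)) return "unc";
  if (/^file:/i.test(target)) return "file";
  if (/^[a-z]:[\\\/]/i.test(target)) return "drive";
  return "other"; // relative path or another scheme; not classified here
}

// Return one finding per showHelp() call with a string-literal argument.
function findShowHelpCalls(source) {
  const findings = [];
  for (const m of source.matchAll(CALL_RE)) {
    const target = unescapeJs(m[2]);
    const kind = classify(target);
    const flagged = /\.chm\b/i.test(target) && ["unc", "file", "drive"].includes(kind);
    findings.push({ target, kind, flagged });
  }
  return findings;
}

// Constructed sample page source (hosts and paths are made up).
const SAMPLE = String.raw`
<script>window.showHelp("\\\\fileserver.example\\docs\\guide.chm");</script>
<script>showHelp('file:///C:/docs/guide.chm');</script>
<script>window.showHelp("http://intranet.example/help/guide.chm");</script>
<script>window.showHelp("C:\\docs\\notes.txt");</script>
`;

for (const f of findShowHelpCalls(SAMPLE)) {
  console.log(f.flagged ? "FLAG" : "ok  ", f.kind, f.target);
}
```

    Only calls with a string-literal argument are seen; a target
    built at run time needs inspection of the script itself.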