Description: | | A vulnerability exists in the way Microsoft Internet Explorer handles security restrictions for the embedded HTML Help control. A specially crafted web document can deceive Internet Explorer into executing remote code in the Local Computer security zone. An attacker can exploit this vulnerability to bypass the security zone restrictions and execute arbitrary code with the privileges of the currently logged in user. The vulnerable application will not exhibit any unusual behavior during a successful attack. In the case of successful code injection and execution, the behavior of the attack target is entirely dependent on the nature of the injected code. |