> Why is this even surprising people? For ages, you > have been able to plant a file on the users machine, > locate its location, jump to a local security zone > and then execute the file. Sure, you skip 2 steps by > using the HTMLHelp Control, but the impact is the same > - running arbitrary code.
Yes but a clear, easily understood illustration of the vulnerability can be useful to persuade a complacent user to protect themselves. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
