http://www.theregister.co.uk/2010/06/10/windows_help_bug/
http://seclists.org/fulldisclosure/2010/Jun/205
Looks like a combination of XSS and invoking the hcp protocol for Help and Support Center to execute commands in the context of the logged-on user.

PS: Mad Props to Susan Bradley on the Patch Management list for putting this out....

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
[email protected]
