IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder
Legal Notice:
This Advisory and Demonstration is Copyright (c) 2000 Georgi Guninski. You may distribute
it unmodified. You may not modify it and distribute it or distribute parts
of it without the author's written permission.
Disclaimer:
The opinions expressed in this advisory and program are my own and
not of any company.
The usual standard disclaimer applies, especially the fact that Georgi
Guninski
is not liable for any damages caused by direct or indirect use
of the information or functionality provided by this advisory or program.
Georgi Guninski, bears no responsibility for content or misuse of this
advisory or program or any derivatives thereof.
The reason for waiting is the page needs to download 120KB and the server is on slow internet
connection and really lot surfers try the demo when it is released.
If it does not work wait some time and reload the page (currently the server is on a slow
internet conection and 110KB must be donwloade by a lot of surfers.
If it still does not work try increasing the number of "chm*.chm" files in IMG and showHelp.
The object below must be loaded from a server with name different from the parent document - it may be the same server but use the IP address or another alias.