Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the 'Related Topics' command in the Help ActiveX control ('hhctrl.ocx'). It is possible that the flaw may allow a remote attacker to create a specially crafted URL to open a help popup window and inject scripting code into that window, which could allow arbitrary command execution in the 'Local Machine' zone resulting in a loss of integrity.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• Security Tracker: 1012836
• Bugtraq ID: 11770
• Secunia Advisory ID: 12889
• ISS X-Force ID: 18311
• CVE ID: 2004-1043 (see also: NVD)
• Milw0rm: 719
• Exploit Database: 719
• Microsoft Knowledge Base Article: 890175
• CERT VU: 972415
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0376.html
  http://archives.neohapsis.com/archives/bugtraq/2004-12/0260.html
  http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html
  http://archives.neohapsis.com/archives/bugtraq/2005-01/0194.html
  http://archives.neohapsis.com/archives/bugtraq/2005-01/0222.html
  http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0657.html
  http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0664.html
• Other Advisory URL: http://freehost19.websamba.com/shreddersub7/cmdexe-d.htm
  http://www.us-cert.gov/cas/techalerts/TA05-012B.html
• Vendor URL: http://www.microsoft.com/
• Microsoft Security Bulletin: MS05-001
• CIAC Advisory: p-093

• Paul - paulgreyhats.cjb.net - Personal Site