VULHUB ™

It has been reported that the Microsoft HTML Help API does not lower the privileges of the invoking application, if they are different from the user, before starting Microsoft Internet Explorer. As a result, it is reportedly possible for attackers to use the MSIE component to navigate to the filesystem and execute commands with the privileges of the application from which the "help" interface was spawned.

It has been reported that the Microsoft HTML Help API does not lower the privileges of the invoking application, if they are different from the user, before starting Microsoft Internet Explorer. As a result, it is reportedly possible for attackers to use the MSIE component to navigate to the filesystem and execute commands with the privileges of the application from which the "help" interface was spawned.