Yeah, there is another thread here discussing this same issue.
http://www.antionline.com/showthread...hreadid=257718
The long and short of the thread can be seen here:
http://www.securityfocus.com/archive/1/363202
Description:
While previous patches were to stop showhelp from executing CHM files
using their path, a weakness in the way the double "\" is handled by
the its protocol handler allows for the execution of locally installed
CHM files. When "\\" is placed before the name of the target CHM file, the
HELP folder is searched for such name; if the help folder does not
contain a file with that name then the rootdrive would be the next
path to be searched. When a file with that name is found in either of
these paths it would be executed.



