Vulnerability Development mailing list archives

RE: help:// protocol in Windows XP Prof


From: "Rocky Heckman" <rocky.he () g-wizinnovations com>
Date: Fri, 9 Jul 2004 08:58:14 +1000

It's not necessarily a 'bug'. 
Keep in mind that the Windows Help feature is HTML and therefore IE based.
If you open up Windows Help, or the MSDN, you'll see that all of its links
and references are either file:// or help://. IE is just set up to handle
protocol references the same way Explorer is set up to handle file
extensions. 

So when you drop help:// into IE, it's only natural for it to try to open up
what it thinks will be an HTML based help page. Granted, this can be
exploitable if you were to slip some malicious JS into the 'Help' page and
get a user to click on it. 

RH


-----Original Message-----
From: NETKOJI [mailto:netkoji () poczta onet pl] 
Sent: Thursday, 8 July 2004 8:17 AM
To: vuln-dev () securityfocus com
Subject: Re: help:// protocol in Windows XP Prof


Hello vuln-dev,

Bartosz Kwitkowski wrote:

 There is a funny thing in Internet Explorer 6.0 - Windows XP Professional
(fully patched).
 When you are writing an address in IE you can replace http:// by help:// 
 example:
 http://wb.pl/bartosz = help://wb.pl/bartosz
and then hit <ENTER>... Page will open...
 other...
 help://www.securityfocus.com - looks funny, isn't it? :-)
 when IE opens page changes help:// to http://
 BUT, BUT,
 when you create a hyperlink <a href="help://wb.pl/bartosz">check</a>
 it won't work - IE says syntax error...
 I'm trying to exploit this...
 Best regards,
 Bartosz Kwitkowski


The same 'bug' applies to all other IE browsers below 6.0 (Win98SE and 
Win2K). Doesn't look like anything dangerous to me though...

NETKOJI




