RE: ZDnet forum: IE formatting local drive

["Alan Rouse" <ARouse () n2bb com>]

> Why is this even surprising people? For ages, you
> have been able to plant a file on the users machine, 
> locate its location, jump to a local security zone 
> and then execute the file. Sure, you skip 2 steps by 
> using the HTMLHelp Control, but the impact is the same 
> - running arbitrary code.

Yes but a clear, easily understood illustration of the vulnerability can
be useful to persuade a complacent user to protect themselves.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html