Vulnerability Development mailing list archives

RE: help:// protocol in Windows XP Prof


From: "Calderon, Juan Carlos (GE Commercial Finance, NonGE)" <juan.calderon () ge com>
Date: Thu, 8 Jul 2004 13:24:32 -0400

<.a href="javascript:loadWin()" title="help://www.product.com/help" 
onmouseover="window.status='help://www.product.com/help';return true" onmouseout="window.status='';return true">

just my two cents

-----Original Message-----
From: Jordan Cole (stilist) [mailto:stilist () gmail com]
Sent: Wednesday, July 07, 2004 8:13 PM
To: Bartosz Kwitkowski
Cc: vuln-dev () securityfocus com
Subject: Re: help:// protocol in Windows XP Prof


If you could get it to work in a link, it would make for a good
exploit... "Click here to read the help file for this application."
Have that link to a malware-enabled website or something similar, and
you've got another unsuspecting user infected.

On the other hand, you could just create a link that /appears/ to be
pointing to a help:// url...

<.html>
<.head>
<.script language='javascript1.2'>
function loadWin(){
window.open('http://www.google.com/','Help for [product]','resizable=yes,width=500,height=400, top=10, left=10');
}
<./script>
<./head>
<.body>
<.a href="javascript:loadWin()"
title="help://www.product.com/help">Read the help file</a>
<./body>
<./html>

I tried to make the statusbar reflect the apparent help:// url, but
couldn't remember how (despite a quick google).

While it's unlikely most users would even notice the help:// part,
those who do would simply assume it's some weird thing like ftp://...
they don't know what it does, but it apparently works.

-- 

[stlst]
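
A check for the mismatch discussed in this thread, added here as an example and not code from either poster: it parses HTML and reports anchors whose tooltip (`title`) or `onmouseover` status-bar text advertises a URL with a different scheme or host than the real `href`. The names `audit`, `LinkAuditor`, `origin` and the sample markup are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anything that looks like scheme://... inside an attribute value.
URL_RE = re.compile(r"[a-z][a-z0-9+.-]*://[^\s'\"<>;)]+", re.I)
# Attributes that can show the user a destination other than href:
# the tooltip, and a handler that writes window.status.
DISPLAY_ATTRS = ("title", "onmouseover")

def origin(url):
    """(scheme, host) of a URL; ('javascript', '') for javascript: hrefs."""
    parts = urlsplit(url.strip())
    return parts.scheme.lower(), parts.netloc.lower()

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = {name: value or "" for name, value in attrs}
        href = attr.get("href", "")
        for name in DISPLAY_ATTRS:
            for shown in URL_RE.findall(attr.get(name, "")):
                # Flag when the displayed destination is not the real one.
                if origin(shown) != origin(href):
                    self.findings.append((href, name, shown))

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: the first anchor mirrors the markup in this thread,
# the second is a link whose tooltip matches its real destination.
SAMPLE = """
<a href="javascript:loadWin()" title="help://www.product.com/help"
   onmouseover="window.status='help://www.product.com/help';return true"
   onmouseout="window.status='';return true">Read the help file</a>
<a href="https://www.product.com/help"
   title="https://www.product.com/help">Read the help file</a>
"""

if __name__ == "__main__":
    for href, name, shown in audit(SAMPLE):
        print(f"href={href!r} but {name} shows {shown!r}")
```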

