Today, Microsoft released the following Security Bulletin:
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)
Issued: July 13, 2004
This update resolves two newly-discovered vulnerabilities. The HTML Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is doented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new ...