IE Compiled HTML May Run Unauthorized Code
Reported June 2 by Microsoft

VERSIONS EFFECTED
Internet Explorer 4.x and 5.x

DESCRIPTION

According to Microsoft"s bulletin, "If a compiled HTML Help (.chm) file were referenced by a malicious web site, it could potentially be used to launch code on a visiting user’s computer without the user’s approval. Such code could take any actions that the user could take, including adding, changing or deleting data, or communicating with a remote web site."

VENDOR RESPONSE

. See Q259166 for more details.

CREDITS
Discovered and reported by Microsoft