MS Internet Explorer CHM files and ms-its handler code execution

2004-04-14T00:00:00
ID SECURITYVULNS:VULN:3590
Type securityvulns
Reporter CERT
Modified 2004-04-14T00:00:00

Description

HTTP redirection to ms-its (and few others) protocol exploiting directory traversal bug cause CHM file to be saved to known location. With another directory traversal bug HTML from CHM file can be executed in local zone.