|
Microsoft Windows HTML Help API Privilege Escalation Vulnerability
It has been reported that the Microsoft HTML Help API does not lower the privileges of the invoking application, if they are different from the user, before starting Microsoft Internet Explorer. As a result, it is reportedly possible for attackers to use the MSIE component to navigate to the filesystem and execute commands with the privileges of the application from which the "help" interface was spawned. |
|
|
Privacy Statement |
